Another day, another new Android malware strain. Microsoft is sounding the alarm about a serious security vulnerability recently discovered on Android called “Dirty Stream.” This vulnerability allows malicious apps to easily hijack legitimate apps. To make matters worse, this flaw affects multiple apps that have been installed hundreds of millions of times. If you have the best Android smartphone, here's what you need to know to protect your data.
This vulnerability is related to the ContentProvider system, prevalent in many popular Android apps, that manages access to structured data sets shared between different applications. This basically allows Android apps to communicate with each other and share files. To protect users and prevent unauthorized access, the system incorporates safeguards such as strict segregation of data, unique permissions associated with specific URIs (Uniform Resource Identifiers), and path validation security. I am.
What makes the Dirty Stream vulnerability so bad is the way the system operates. Microsoft discovered that a hacker could create “custom intents,” messaging objects that facilitate communication between components across his Android apps, and bypass these security measures. This loophole allows a malicious app to use a custom intent to send a file with a manipulated file name or path to another app, sneaking harmful code disguised as a legitimate file. can do.
From there, a hacker can trick a vulnerable app into overwriting important files in your private storage space, and the consequences can be devastating. As BleepingComputer notes, Dirty Stream essentially turns common OS-level features into weaponized tools that can execute malicious code, steal data, and even do so while the user is unwise. It can even hijack apps.
“If arbitrary code is executed, the attacker may gain complete control over the behavior of the application,” Microsoft said in a security bulletin this week. “On the other hand, token theft could give an attacker access to a user's account and sensitive data.”
How widespread is this threat?
Microsoft's investigation has determined that this vulnerability is not an isolated issue. The company discovered an incorrect implementation of the content provider system that was prevalent in many popular Android apps.
“We have identified several vulnerable applications representing over 4 billion installs in the Google Play Store,” Microsoft explained. “We anticipate that this vulnerability pattern may be found in other applications as well.”
Microsoft cited Xiaomi Inc.'s File Manager (over 1 billion installations) and WPS Office (over 500 million installations) as two examples of popular apps that are susceptible to this risk and have since been patched. are listed.
Given the nature of how this vulnerability works, it is difficult to know exactly how many other legitimate apps are affected. However, until all apps are patched, it's safe to assume that this potential risk is industrial-scale.
How to protect yourself from Android malware
The first and easiest step to avoid potentially harmful malware infecting your Android device is to avoid sideloading apps altogether. While it may seem convenient, and certain apps may require sideloading, most people find what they need in official app stores such as the Google Play Store, Samsung Galaxy Store, or Amazon App Store. You can find it.
The reason you don't want to sideload apps is because they don't go through the same rigorous security checks as apps hosted on official stores. Therefore, it is important to rely on trusted sources for app downloads to protect your device from malware.
Next, you need to make sure that Google Play Protect is enabled on your Android phone. It comes pre-installed on most phones with Play Store and actively scans both existing and newly downloaded apps for viruses. Similarly, you can also install one of the best Android antivirus apps for added protection and extra features to increase your online safety.