Security vendor FireEye has announced that Google has issued a patch for a security flaw that left Android users vulnerable to attacks that could lead them to phishing sites. The security firm says that it has recently spotted a malicious app that had the ability to modify icons of other applications. The purpose of modifying the icons of other apps was to lure users into clicking them, where they would be sent to a phishing website.
Phishing websites try to steal personal information. Permissions that were targeted on Android devices by this app include “com.android.launcher.permission.READ_SETTINGS” and “com.android.launcher.permission.WRITE_SETTINGS.” Those permissions are intended to allow an app to modify configuration settings for the Android launcher and icons.
Researchers from FireEye say that those two permissions have been classified as “normal” in the past. Normal is a name applied to application permissions that are thought to have no potential to be used maliciously. An app that discovered was using those permission maliciously, leading Google to issue a patch to plug the hole.
The researchers also note that since the permissions were classified as normal, the users weren’t warned about granting those permissions when an application was installed. Essentially that meant that the malicious app was able to change the icons without the user being aware. Google released a patch to its OEM partners, but some partners are slow to add security upgrades. FireEye says that it notified Google of the issue in October 2013, and Google only announced the patch was ready in February.
SOURCE: Computer World