A major vulnerability allowed apps with malware viruses to impersonate legitimate apps. Samsung phones, among others, were vulnerable.
Vulnerability: Samsung phones vulnerable to malware
Google makes this known on its security website. The company writes that Android phones from brands such as Samsung and LG were vulnerable, but that the vulnerability has now been closed. It is unclear whether Android users are currently still at increased risk.
The problem is somewhat technical in nature, but the bottom line is that the security keys of multiple phone manufacturers have been leaked. Manufacturers use these types of keys to indicate that the Android version (such as Android 13) of a device is genuine.
The same key can also be used to authenticate apps. If an application has the same security key as the Android system, this app will have full access to the platform.
What does malware do?
This may have happened, according to 9to5Google. The website writes that in theory it is possible that a malicious app developer with a security key puts malware in her / his app, after which this program is approved by the operating system. This app then has access to all data on the device.
That would be a disaster for phone users. All bank details, messages and photos then come into the hands of a rogue app developer.
Malware is an umbrella term for harmful (smartphone) software. Some variants try to steal money, while others make off with personal information. Ultimately, all malware types want to make as much money as possible.
The best-known malware virus is FluBot, which spread via fake apps and text messages from parcel deliverers – including in the Netherlands.
Google: ‘Leak has been closed’
The extent of the leak is still unclear. It is certain that the security keys of brands such as Samsung and LG have been leaked. MediaTek, a company that makes chips for many smartphones, also appears in the list.
It is unclear whether Android users are still at increased risk or not. Google says that they have been aware of the vulnerability since May 2022 and that manufacturers have now taken measures.
Unfortunately, Google does not go into details. For example, 9to5Google noted that vulnerable security keys from Samsung have recently been used in apps. It is also unclear whether the vulnerability has resulted in victims.
What can I do?
Users of potentially affected Android phones will not be able to resolve the vulnerability. It is up to manufacturers to put things in order, Android specialist notes Mishal Rahman on. Smartphone makers must, among other things, exchange and clean up their infected security keys.
Phone users are advised to install software updates as soon as possible. It is also important to only download apps from the Google Play Store. Thanks to Play Protect, a security method from Google, all programs are checked for possible malware.
Grab malware by the collar
There are regular warnings, but how do you actually recognize malware? In our article about recognizing malware, we explain how you can tell that a phone is infected. Next, it’s time to remove the parasite. You can read how to do that in the article about removing malware.