Article Lead Image

There’s a good chance your Android is vulnerable to this malware

But there's a fix.


Mike Wehner


Posted on Mar 26, 2015   Updated on May 29, 2021, 5:33 am CDT

Security researchers have discovered a massive vulnerability in Google’s Android operating system that left approximately 50 percent of all devices at risk of attack by malicious applications. Palo Alto Networks first detected the issue over a year ago in January 2014, and has been working with Google, Samsung, and Amazon to patch the hole before publicly disclosing the discovery today. 

“We discovered a widespread vulnerability in Google’s Android OS we are calling ‘Android Installer Hijacking,’ estimated to impact 49.5 percent of all current Android users,” Palo Alto Networks’ report reads. The attack involves a malware application hijacking the installation of a legitimate app on a third-party app store in order to gain full access to a user’s device. 

Android app install screen

Android app install screen

Palo Alto Networks

Affected users might think they’ve chosen to download a top-selling game or other legitimate app, only to find a different app has been installed instead. Once the malicious app completes the install process—gaining permissions to sensitive data along the way—it can then obtain usernames, passwords, and other private information. 

The vulnerability exists because of the way Android triggers app installations. Put simply, visiting a third-party app store on your device and then clicking to install an app brings up a screen that shows you the app’s name, icon, and requested permissions. During this time, a malware app can swap itself in for the legitimate app, and once the user approves the installation, thinking they are installing the app listed on their screen, the malicious app is installed instead. 

The exploit is only possible on certain devices because specific builds of Android don’t include the same security features as others. The research team notes that both Samsung and Amazon have released fixes for at least some of their devices so far, but Palo Alto Networks has launched its own app specifically designed to scan your device and determine if you are vulnerable or not. 

The vulnerability has been patched universally in Android version 4.4 KitKat, but if your device is still running 4.3 Jelly Bean, it’s a good idea to download the scanner app and verify that the issue has been patched. 

Image via Palo Alto Networks/Google Play

Share this article
*First Published: Mar 26, 2015, 12:19 pm CDT