Installer Hijacking Vulnerability in Android Devices

["US-CERT" <US-CERT () ncas us-cert gov>]

NCCIC / US-CERT

National Cyber Awareness System:

Installer Hijacking Vulnerability in Android Devices [ 
https://www.us-cert.gov/ncas/current-activity/2015/03/24/Installer-Hijacking-Vulnerability-Android-Devices ] 03/24/2015 
01:08 PM EDT 
Original release date: March 24, 2015

A vulnerability in Google's Android OS [ 
http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware/
 ] has been discovered that could allow an attacker to change or replace a seemingly safe Android application with 
malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised 
devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.

US-CERT advises users to ensure their devices are running an up-to-date version of Android and to use caution when 
installing software from third-party app stores.
 

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]