Hackers Can Remotely Install Malware Apps to Your Android Device.



Security researchers have warned of a pair of vulnerabilities in the Google Play Store that could allow cyber crooks to install and launch malicious applications remotely on Android devices.

X-Frame-Options (XFO) vulnerability.

An X-Frame-Options (XFO) vulnerability, when combined with a recent Android WebView (Jelly Bean) flaw, creates a way for hackers to quietly install any arbitrary app from the Play Store onto a victim's device, even without the user's consent. This is what makes it possible to remotely install malware apps.

Android version 4.3 and below is vulnerable.

Who is targeted to remotely Install malware apps?
The vulnerability affects users running Android version 4.3 Jelly Bean and earlier versions of Android, which no longer receive official security updates from the Android security team for WebView, a core component used to render web pages on an Android device. Users who have installed third-party browsers are also affected.
According to the researcher, the web browser in Android 4.3 and prior is vulnerable to a Universal Cross-Site Scripting (UXSS) attack, and the Google Play Store is vulnerable to a Cross-Site Scripting (XSS) flaw.

UXSS attacks.

In UXSS attacks, client-side vulnerabilities are exploited in a web browser or browser extensions to generate an XSS condition, which allows the malicious code to be executed, bypassing or disabling the security protection mechanisms in the web browser.

Metasploit module has been created and made public.

A Metasploit module has been created and made public on GitHub in order to help enterprise security bods test corporate-issued smartphones for exposure to the vulnerability. According to the advisory, the remote code execution is achieved by leveraging two vulnerabilities on affected Android devices:

  • First, the module exploits a Universal Cross-Site Scripting (UXSS) vulnerability present in versions of Android’s open source stock browser (the AOSP Browser) as well as some other browsers, prior to 4.4 (KitKat).
  • Second, the Google Play store’s web interface fails to enforce an X-Frame-Options: DENY header on some error pages, and therefore can be targeted for script injection. As a result, this leads to remote code execution through Google Play’s remote installation feature, as any application available on the Google Play store can be installed and launched on the user’s device.
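
For site operators, the second point means framing protection has to be checked on every response, error pages included. The audit below is an added example, not code from the advisory or the Metasploit module. Its function names, paths and header sets are constructed for illustration, and it assumes legacy browsers that predate CSP Level 2 honour only X-Frame-Options.

```python
# Added example: audit responses (error pages included) for framing protection.
# Every path, status and header set in SAMPLE is constructed sample data.

def frame_policy(headers):
    """Return (modern_ok, legacy_ok) for one response's headers.

    modern_ok: browsers that enforce CSP frame-ancestors (which overrides XFO).
    legacy_ok: browsers that only understand X-Frame-Options.
    """
    h = {k.lower(): v for k, v in headers.items()}
    # ALLOW-FROM is obsolete; this audit counts only DENY and SAMEORIGIN.
    xfo_ok = h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN")
    ancestors = None
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            ancestors = [p.lower() for p in parts[1:]]
            break
    if ancestors is None:
        return xfo_ok, xfo_ok
    # A wildcard or bare scheme lets arbitrary sites frame the page.
    too_broad = any(s in ("*", "http:", "https:") for s in ancestors)
    return (not too_broad), xfo_ok

def audit(responses):
    """Return (path, status, finding) for each response that can be framed."""
    findings = []
    for path, status, headers in responses:
        modern_ok, legacy_ok = frame_policy(headers)
        if not modern_ok:
            findings.append((path, status, "frameable"))
        elif not legacy_ok:
            findings.append((path, status, "frameable in pre-CSP2 browsers"))
    return findings

SAMPLE = [
    ("/store/apps", 200, {"X-Frame-Options": "DENY"}),
    ("/store/missing", 404, {"Content-Type": "text/html"}),  # bare error page
    ("/account", 200, {"Content-Security-Policy":
                       "default-src 'self'; frame-ancestors 'none'"}),
    ("/help", 200, {"x-frame-options": "ALLOW-FROM https://example.com"}),
    ("/error", 500, {"X-Frame-Options": "sameorigin",
                     "Content-Security-Policy": "frame-ancestors *"}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The `/account` finding is the case that matters for the Android versions discussed here: a response protected only by `frame-ancestors` is still frameable in a browser that ignores that directive.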

How to prevent being exposed.

  • Use a web browser that is not susceptible to widely known UXSS vulnerabilities, such as Google Chrome, Mozilla Firefox or Dolphin. This could help mitigate the lack of universal X-Frame-Options (XFO) for the play.google.com domain.
  • Another effective way is to simply log out of the Google Play store account in order to avoid the vulnerability, although this practice is highly unlikely to be adopted by most users.
  • Use a good antivirus tool to stop people from remotely installing malware apps.