Cyber security vendor FireEye recently announced that Google has patched a software flaw that left Android users open to phishing attacks. The firm says that it identified a malicious app that could modify the icons of other Android software applications. The strategy behind this attack, would be to trick an unknowing Android user into clicking a false app icon that would direct them to a phishing website.
These bogus sites would then try to steal their personal information. Some of the permissions attacked by the malware include “com.android.launcher.permission.READ_SETTINGS” and “com.android.launcher.permission.WRITE_SETTINGS.” These permissions allow an application to reconfigure an Android device’s launcher, including its software icons.