Cyber security vendor FireEye recently announced that Google has patched a software flaw that left Android users open to phishing attacks. The firm says that it identified a malicious app that could modify the icons of other Android software applications. The strategy behind this attack, would be to trick an unknowing Android user into clicking a false app icon that would direct them to a phishing website.
These bogus sites would then try to steal their personal information. Some of the permissions attacked by the malware include “com.android.launcher.permission.READ_SETTINGS” and “com.android.launcher.permission.WRITE_SETTINGS.” These permissions allow an application to reconfigure an Android device’s launcher, including its software icons.
FireEye says that these two permissions have been classified as “normal,” a listing given to permissions thought to be free of malicious software. Since the permissions were considered safe, Android users weren’t warned about the potential risks when installing an application.
FireEye notified Google in October 2013 and Google released a patch to its OEM partners in February. The patch may have possibly been further delayed, due to vendors slowly updating their software.
(via Computer World)