Cybercrooks Exploit the Android Installer Hijacking Vulnerability

Cyber criminals have been taking advantage of the recently disclosed Android Installer Hijacking Vulnerability by creating fake download pages for the scanner that detects the flaw. Mobile users who land on these pages are exposed to a number of SMS scams and intrusive advertisements.

Palo Alto Networks reported the Android Installer Hijacking Vulnerability in late March, warning that almost half of all Android devices are affected by the flaw. Users can get the scanner from the official Google app store.

Intrusive Pop-ups Impossible to Get Rid Of

So far, analysts have reported three fake websites containing what the crooks claim to be a link to the scanner. In reality, users get redirected to unsafe web locations if they click on the download button or a random spot on the page.

Victims complain that on one of the web pages a persistent pop-up kept appearing even after the browser was restarted or the memory was wiped.

Analyst Gideon Hernandez draws attention to the fact that no file was downloaded to the affected mobile device.

In another reported case, the download tab led to the legitimate application on Google Play but redirected the user to a different page first.

Experts have estimated that clicking outside the download button carries an even bigger risk. In this case, the victim is sent to web pages promoting software updates and online surveys.

Hernandez adds that Android app package files were downloaded to the affected device automatically. One of them installed adware on the device while another subscribed the user to a premium SMS service.

The third fake website loads a questionable location, but attempts to analyze the redirects are blocked by “bad error requests.” The analyst finds this to be a defense mechanism against any attempt to investigate the deceit.

Hernandez concludes that the scam exploits the user’s fear of the bug rather than the vulnerability itself.

Users should visit only legitimate websites where all packages are verified before they are published.