Three new families of "auto-rooting adware," detailed by security researchers at Lookout, are "a worrying development in the Android ecosystem" because each can root the device and install itself as a system application, making the contamination virtually impossible to remove as the infection is designed to survive even a "factory data reset" device wipe.
Researchers have uncovered a new type of Android adware that's virtually impossible to uninstall, exposes phones to potentially dangerous root exploits, and masquerades as one of thousands of different apps from providers such as Twitter, Facebook, and even Okta, a two-factor authentication service.
Security researchers from Trend Micro have discovered that a software development kit used by thousands of applications is leaving Android users at risk.
The Moplus SDK was created by Chinese firm Baidu and is susceptible to backdoor functionalities. It is believed that approximately 100 million Android devices users are affected.
The Stagefright vulnerabilities are the gifts that keep on giving.
Months after the potentially devastating security flaws in the mobile OS were publicly disclosed, Google continues to send out patches addressing vulnerabilities related to the initial reports.
Soon after Dutch newspaper Volkskrant reported [in Dutch] about the Android vulnerability on the 27th of June, some members of the (security) community raised concerns about our attack.
It would be "nothing new" and "overrated". Some people [in Dutch] suggested that having a strong password already helps a lot, while others doubt the possibility of uploading malicious code on the Google Play Store and/or maintain that your phone will display plenty of warnings if you were to try this attack. They all miss the point.