MasterKey Hack Applications Spotted in the Play Store
A number of applications that harmlessly use the MasterKey vulnerability have been spotted on Google Play.
Two of the apps, Rose Wedding Cake Game – “air.RoseWeddingCakeGame v 1.1.0” and Pirates Island Mahjong Free “air.PiratesIslandMahjong v 1.0.1”, respectively have been last updated in mid-May and are increasingly popular with Android users: while the Pirates Island Mahjong Free has been installed by between 5,000 and 10,000 users, Rose Wedding Cake Game has between 10,000 and 50,000 installs.
There is no need to panic right away: the applications contain two duplicate PNG files which are part of the game’s interface. This means that the applications are not running malicious code -” they are merely exposing the Android bug to overwrite an image file in the package, most likely by mistake. In contrast, malicious exploitation of this flaw focuses on replacing application code.
One thing that is particularly interesting about today’s discovery is the fact that the two applications with this behavior managed to make their way into the Play Store without raising any red flags. However, patched Android distributions such as CyanogenMod will refuse to install the application with the mention that the “Package file was not signed correctly”.
If you’re running an unpatched distribution of Android, you might want to try out our Bitdefender Mobile Security & Antivirus or to install the Antivirus Free scanner for Android, which are both available via the Play Store and detect the MasterKey exploit.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
April 22, 2021
April 22, 2021
April 13, 2021