Summary

  • Internet users face malware risks – implement serious precautions to safeguard personal data.
  • New Dirty Stream malware targets Android apps by exploiting vulnerabilities in data-sharing systems.
  • Flawed implementation affects billions of Android app installations – developers urged to rectify issues promptly.



Every user with an internet connection or a smartphone is a potential target for malware and bad actors. It’s crucial to understand that these threats are not to be taken lightly. Users must implement serious precautionary measures to safeguard their personal data and thwart hackers’ access. However, the battle against malware and viruses is an ever-evolving one. Malicious apps have become adept at disguising themselves as legitimate releases to evade detection. A recent discovery by Microsoft security teams has unveiled a new, potentially devastating malware that’s setting its sights on Android apps.


As reported by Bleeping Computer, the “Dirty Stream” malware can lurk in Android applications. It relies on arbitrary code execution and overwrites files in another application’s home directory to steal a user’s data (via Android Authority).

Dirty Stream abuses Android’s content provider system to unlock access to data. This system manages access to structured data and facilitates safe data sharing between multiple applications. Additionally, it has some safeguards in place, such as data isolation and URI permissions, to block any unauthorized access to the data stored on Android apps.




Dirty Stream vulnerability is targeting Android apps

Microsoft notes that Android apps rely on “custom intents” to share data and communicate. A faulty implementation of custom intents allows Dirty Stream malware to bypass security measures and gain access to data. This vulnerability could result from failing to check the filenames and paths in intents, misusing FileProvider components, or inadequate path validation, any of which exposes the user’s data to the bad actor.

The modus operandi of Dirty Stream is deceptively simple yet alarmingly effective. The malware capitalizes on a custom intent to dispatch a file with a manipulated filename or path to another Android app on the phone. Since the package appears genuine to the recipient, the targeted app trusts the filename or path and unwittingly executes the file or stores it in its critical directory. In the final stage, the bad actor can execute code and pilfer data.



The gravity of the situation becomes apparent when we realize that the flawed implementation is affecting Android apps with a staggering four billion installations. Microsoft researcher Dimitrios Valsamaras warns, “We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research so developers and publishers can scrutinize their apps for similar issues, rectify them as necessary, and prevent the introduction of such vulnerabilities into new apps or releases.”

Two prominent apps targeted by Dirty Stream are Xiaomi’s File Manager application, which has over a billion installations, and WPS Office, which has around 500 million installations. Both companies were informed of the issue and are trying to implement fixes. Google has also updated its app security guidance to inform the Android developer community of the problem.