- Oct 6, 2012
A popular Android mobile ad library available on Google Play can be used to collect device data or execute malicious code, security researchers have discovered.
The most alarming aspect of the library is that close to 2 percent of Android apps with more than 1 million downloads on Google Play use it, and those apps have been downloaded more than 200 million times, researchers at FireEye said yesterday.
“Vulna [also] contains a number of diverse vulnerabilities,” FireEye researchers said. “These vulnerabilities when exploited allow an attacker to utilize Vulna’s risky and aggressive functionality to conduct malicious activity, such as turning on the camera and taking pictures without user’s knowledge, stealing two-factor authentication tokens sent via SMS, or turning the device into part of a botnet.”
One of the vulnerabilities discovered by FireEye is the practice of transferring users’ private information in plain text over HTTP, which allows an attacker to view it. The library also uses HTTP for receiving orders from its command and control server. “An attacker can convert Vulna to a botnet by hijacking its HTTP traffic and serving malicious commands and code,” the researchers said.