Of the 11 vulnerabilities found, Samsung has already fixed 9 through its Maintenance Patch in October. But 3 of them remain. The good thing is that those two vulnerabilities that remain have lower severity.
CVE-2015-7898 and CVE-2015-7895 require an image to be opened in Samsung Gallery, which does not have especially high privileges and is not used by default to open images received remotely via email or SMS (so an exploit would require the user to manually download the image and open it in Gallery). The other unfixed issue, CVE-2015-7893, allows an attacker to execute JavaScript embedded in emails, which increases the attack surface of the email client, but otherwise has unclear impact.
The majority of these issues were fixed on the device Google tested via an OTA update within 90 days, though three lower-severity issues remain unfixed. It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame.
More serious was what Lookout found this week. The team has revealed malware that is so hard to get rid of that, once your smartphone is infected, you’re better off throwing it in the bin (is that bad??). According to Lookout there are thousands of samples of the malware floating around on various app stores.
Named Shedun, Shuanet, and ShiftyBug, they all share the same code and use similar tactics to infect the victim’s phone.
Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others.
Unlike older types of adware that were blatantly trying to access devices, this new type of adware is silent, working secretly in the background.
Unbeknownst to the user, these malicious apps root the device, and victims are unlikely to be able to uninstall the malware.
Lookout says this may leave them with the options of either seeking out professional help to remove it, or simply purchasing a new device.
It’s thought most of the infections are coming via third-party app stores, with Android users being advised to only download trusted apps from Google’s Play Store.