A few days ago, an advertisement for a zero-day vulnerability in Firefox for Android appeared on Inj3ct0r, an exploit database.
The author, “fil9″, was just registered to the site last month, and claims the exploit works on Firefox versions 23/24/26(Nightly) for Android.
Malware authors creating fake Android markets where they provide a familiar look and feel of the real Google Play to exploit users is not a new concept, and we’ve talked about it in previous blogs.
Recently, we’ve found fake markets that are created with such detail that it’s almost hard to tell the difference between which is real the real Google Play and which is a scam.
In a recent study, the Department of Home Land Security (DHS) and the FBI reported 79 percent of all malware targeting mobile devices was directed at Android devices. There is also concern over the amount of users still using older, more vulnerable versions of the OS.
As Google improves Android, more disparaging press for the world’s most popular mobile operation system.
Seeing advertising in your Android app is something we’re used to and for the most part we tolerate.
But there are some advertisers who take it a whole different level. These advertisers want to be in your face and aggressive about what they’re pushing. They bring their advertising to the notification bar and add home screen shortcuts to more advertising.
To me, they’ve always been the scourge of the Android ecosystem and Google has taken another step to eliminate them.
Apple, for the most part, has been able to escape the wrath of malware authors compared with its main competitor, Android.
When talking about malware on iOS, most of the time we hear more about proof-of-concepts getting into the App Store than actual malware.
However, researchers from the Georgia Institute of Technology have discovered a way to circumvent Apple’s “walled gates” and managed to get an app with malicious behaviors past Apple’s review process. Dubbed “Jekyll Apps”, these apps look benign on the surface but contain hidden code revealed at run-time.