Using Android? Well, maybe it’s time for you to carefully pick the files you want to download. Hacking has evolved. This time, it’s not about adware, ransomware, or other common malware. This time, it’s about your MP3 and MP4 files.
Zuk Avraham and Joshua Drake, security experts from Zimperium Labs, were the first to find this security hole. At first, they were curious about how safe Android devices are. It’s the world’s leading mobile OS, so it should be safe enough. That’s what they thought. However, they were truly disappointed by what they discovered. It appears that Google is not serious enough in fighting Android malware. Why? When you receive an upgrade to your current OS, it includes your security upgrade. It’s made to ensure your security. However, what if this update missed something? Well, that’s our problem here. Our Android malware ‘lives’ in the very core of Android’s native code. It has been there since Android 1.0. Not even Google noticed it. So, we’re just a bit curious. Are they even serious about the upgrade?
Android Malware Stagefright 2
Let’s leave the previous question to Google. Our part here is to counteract the Android malware. Meanwhile, we can call it Stagefright 2. So, how does this malware work? Using the Android security hole (libutils), any cyber criminal can plant malware in MP4 and MP3 files. This Android malware doesn’t even require you to download the files. All it needs is for you to play a preview. Once you have played the preview of an infected MP3 or MP4 file, you can say welcome to the malware inside your device.
That’s terrible. How can I spot the malicious files?
Well, apparently none of us can. Unless you dig through the code, you won’t find them suspicious. Pretty clean, isn’t it? Android 1.0 was released back in 2008. Since then, you have probably enjoyed thousands of videos and MP3s. Yet, we had no idea that our Android devices were lacking in security. With more than 1.4 billion Android devices worldwide, can you imagine how serious the threat is?
How to Avoid this Android Malware
Let’s imagine you’re listening to your favorite music. The song is great and you love it. However, while you’re still listening, someone takes control of your device. A few hours later, you find your information available online. Can you imagine that? I don’t think there’s a better word to describe it than disappointing.
So, how can you avoid this Android malware?
Browse carefully. MP4 and MP3 files are not so easy to inject with malware. If someone wanted to do it, he would make sure his ‘hard work’ pays off. How? By getting people to ‘download’ the files. If I were them, I would choose recently released songs, videos, and movies. Then, I would pick a series of keywords related to the infected media I made. That way, if someone typed those keywords, my fake webpage would appear among the top results. Next, I would only need to wait until someone heads to my webpage. At this moment, their curiosity would be the key to everything. If my ‘media’ was interesting enough, they’d at least play the preview. I don’t need them to download the files. The preview is enough. The next thing that would happen is my victory. They’d have my Android malware inside their device.
If you’re not familiar with this tactic, it’s called phishing.
So, if I were you, I would only download files from trusted sources. Before downloading anything, make sure you’ve cross-checked their reputation online. That will help you avoid this Android malware.
How Google Reacts to this Android Malware
What’s the best thing about having a company with the world’s best engineers in it? You can solve problems quickly. That’s how Google works.
The company recognized the issue and promised to deliver an immediate security patch. As of September 10, Google released two security patches: CVE-2015-6602 and CVE-2015-3876. As we speak, your device manufacturer is working hard to make the patches available soon. It shouldn’t be too long until these patches are available to download. By then, everyone can enjoy their favorite music and videos without worrying about the Android malware.
If you want to know how to protect your Android device even more, why don’t you check what VPN Asia can do for you?