The vulnerability allows a hacker to modify a legitimate application, turning it into to malicious program called a Trojan. A hacker does this by modifying the legitimate application’s APK code without breaking the cryptographic signature, thereby, making the hacked application, turned into a malicious Trojan, completely unnoticed by the App Store, the device, or the phone's end user.
Android uses the APK code / cryptographic signature to determine if an application is legitimate and to verify that the application has not been tampered with or modified.
With the malicious Trojan installed on an Android device, it will have access to the Android operating system features and applications. This will allow the Trojan to access data on the device, which includes: emails, SMS messages, documents, stored accounts and passwords.
Also, the Trojan can take control of the device, which will allow it to: make phone calls, send SMS messages, turn on camera, and record phone calls.
BlueBox has released a free application to check if your Android device has any malicious applications installed that can take advantage of the "Master Key" vulnerability. This program can also determine if your Android device has been patched for this “Master Key” vulnerability and provides you with the necessary steps to take, to help protect your device against this threat.
This free application is available at Google Play and Amazon AppStore.
Click on one of the following links to download and install the application:
To prevent your Android device from getting infected with a malware due to the “Master Key” vulnerability, avoid downloading applications (apps) from untrustworthy or suspicious websites.
For Frequently Asked Questions (FAQ) about the "Master Key" bug or vulnerability, click here.
For more information about the "Master Key" bug or vulnerability, click here.
Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search
Note: Some of the information in samples on this website may have been impersonated or spoofed.
Comments, Questions, Answers, or Reviews
To protect your privacy, please do not post or remove sensitive information in or from your comments, questions, or reviews. NB: We will use your IP address to display your approximate location to other users. That location is not enough to find you.
Your comment, answer, or review will be set as anonymous because you are not signed in. An anonymous comment, answer, or review cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.
Write Your Comment, Question, Answer, or Review
Recommendation / Advertisement