Android attackers started to exploit a vulnerability of the said OS that enables hackers to bundle malware with Android Application Files and evade antivirus products. The vulnerability identified as CVE-2017-13156 and called as Janus was reported to Google in July this year by researchers from cybersecurity firm GuardSquare.
After analyzing the flaw, the security researchers of Google came up with a patch which was included in the December Android Security bulletin. The same has been shared with the device manufacturers and those using Google Pixel 1 and 2 on the Christmas Eve this month.
Cybersecurity Insiders learned that the flaw offers the cyber crooks a privilege to modify apps without breaking their digital signatures. This is done by manipulating the regular process of Android Runtime (ART) loading Dalvik Executable Format (DEX) files and injecting malware loaded DEX files into the header by tricking the Android Runtime compiler to execute it without breaking the signature of the APK file.
In addition to the deployment of rogue application updates, Janus Vulnerability can also be used to mask a malicious payload from security programs. Thus, it helps the cyber crooks intention to evade anti-virus software with ease.
To isolate Android users from all such flaws in future, Google introduced a new signature scheme (version 2) in Android 7.0(Nougat OS) which prevents such attacks. But as most of the Android users are utilizing smartphones loaded with older versions of Android OS the vulnerability percentage of Android users to APK flaw is still high.
