Popular utility tools are marked as "Risky" by Trustlook

Here's our 3rd disclosure about the JSInterface Remote Code Execution Vulnerability. This time we found some very popular utility tools (cache cleaners, browsers, flashlights, etc.) that may leave your phone vulnerable to a Man-in-the-Middle attack. Want to see how an attacker can compromise your phone in 10 seconds using this vulnerability? Check our original demo video here!

The tools listed below have been marked as risky in our Trustlook Antivirus. Note: we do not classify every affected app as malware. We do so only when the vulnerability is confirmed exploitable.

| Package Name | App Name | Installations |
|---|---|---|
| com.smartanuj.hideitpro | Hide Pictures – Hide It Pro | 5M – 10M |
| com.cookpad.android.activities | CookPad – No.1 | 5M – 10M |
| mobi.infolife.cache | App Cache Cleaner – 1Tap Clean | 5M – 10M |
| com.miumeet.android.client | MiuMeet – Live Online Dating | 1M – 5M |
| com.mobisystems.msdict.embedded.wireless.wordnet | Advanced English & Thesaurus | 1M – 5M |
| torcia.plus | Better FlashLight HD + LED | 1M – 5M |
| name.markus.droesser.tapeatalk | Tape-a-Talk Voice Recorder | 1M – 5M |
| net.daum.android.shoppinghow | Shoppinghow | 1M – 5M |
| org.detikcom.rss | detikcom | 1M – 5M |
| com.adaptiveblue.GetGlue | GetGlue – App for TV & Movies | 1M – 5M |
| com.zumobi.android.motortrend | MOTOR TREND News | 0.5M – 1M |
| com.speedymarks.android.temperatureFree | Temperature Free | 0.5M – 1M |
| com.inbox.boro.lite | Fast Messenger for Facebook | 0.5M – 1M |
| com.ft.news | Financial Times | 0.5M – 1M |
| com.crowdstar.avatar | Top Stylist | 0.5M – 1M |
| com.androidesk | Androidesk Wallpaper | 0.5M – 1M |
| kr.or.lug.ontimealarm | OnTimeAlarm | 0.1M – 0.5M |
| ru.ideast.championat | Championat.com | 0.1M – 0.5M |
| sanmsung.actvity | Samsung Mobile Catalog | 0.1M – 0.5M |
| org.espier.browser | Espier Browser | 0.1M – 0.5M |
| bg.angelov.horoscope | Numerology Daily Horoscope | 0.1M – 0.5M |
| Total | | 25.5M – 73.5M |

Finally, although Valentine's Day has just passed, Trustlook still wants to remind you: Safety First! 😛

Multiple Games have been Marked as "Risky App" by Trustlook Antivirus

 

We have been monitoring the Google Play Store for apps with vulnerabilities and malicious behaviors, updating our Antivirus app whenever we find them. We recently detected a large number of games that are still affected by the JSInterface Remote Code Execution Vulnerability. Currently we have hundreds of vulnerable apps on the list, some of which have 10-50 million installations.

If you are using Android below 4.2 (this includes 75% of Android users) and have installed one of the affected apps, you are vulnerable to a Man-in-the-Middle attack, for example whenever you connect to an untrusted Wi-Fi network. The attack allows an attacker to execute arbitrary code on your Android device: access your SMS and SD card, or even install an app from the internet directly onto your phone (DEMO).

If attackers compromised a DNS server and launched a DNS hijacking attack, the number of victims could be in the millions. Such events have already happened to some of the largest websites and service providers: TechCrunch: LinkedIn's DNS hijacking event and ZDNet: Baidu (China's #1 search engine) DNS hijacking event.

Once we find an app prone to this vulnerability, we report it to the vendor, and the app's affected versions are marked as "Risky" in our Antivirus app. We also suggest that all Android users upgrade their system to 4.2 or above for enhanced security.
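A minimal static triage for the condition described above, as an added example (not Trustlook's scanner and not code from the original post). It assumes the JSInterface issue refers to `WebView.addJavascriptInterface`, whose exposure to page script is limited to `@JavascriptInterface`-annotated methods from API level 17 (Android 4.2); the manifest, source snippet and finding names are constructed.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
API_4_2 = 17  # from this API level only @JavascriptInterface methods reach page script

# Constructed samples (hypothetical app, not one of the packages listed on this page).
MANIFEST_OLD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="16"/>
</manifest>"""
MANIFEST_NEW = MANIFEST_OLD.replace('"10"', '"17"').replace('"16"', '"19"')
SOURCE_HTTP = '''
WebView view = new WebView(this);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("http://content.example.invalid/start.html");
'''
SOURCE_HTTPS = SOURCE_HTTP.replace("http://", "https://")

def sdk_levels(manifest_xml):
    """Return (minSdkVersion, targetSdkVersion), using Android's defaults when absent."""
    uses_sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    attrs = uses_sdk.attrib if uses_sdk is not None else {}
    min_sdk = int(attrs.get(ANDROID_NS + "minSdkVersion", 1))
    target_sdk = int(attrs.get(ANDROID_NS + "targetSdkVersion", min_sdk))
    return min_sdk, target_sdk

def assess(manifest_xml, java_source):
    """Flag the risk conditions; returns a sorted list of finding names."""
    min_sdk, target_sdk = sdk_levels(manifest_xml)
    findings = set()
    if re.search(r"\.addJavascriptInterface\s*\(", java_source):
        if min_sdk < API_4_2:       # app can be installed on Android below 4.2
            findings.add("bridge-installable-below-4.2")
        if target_sdk < API_4_2:    # app opts into the pre-4.2 bridge behaviour
            findings.add("bridge-targets-pre-4.2-behaviour")
        # A page fetched over cleartext HTTP is what a man-in-the-middle can alter.
        if findings and re.search(r'loadUrl\s*\(\s*"http://', java_source):
            findings.add("cleartext-page-load")
    return sorted(findings)

if __name__ == "__main__":
    print(assess(MANIFEST_OLD, SOURCE_HTTP))
    print(assess(MANIFEST_NEW, SOURCE_HTTPS))
```

A real review would run this over the decoded manifest and decompiled sources of each APK, and would treat a match as a lead for manual confirmation rather than a verdict.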

Here is part of our list, the games and entertainment apps that we recently found vulnerable under Android 4.2:

| Package Name | App Name | Installations |
|---|---|---|
| com.tictactoe.wintrino | Tic Tac Toe Pro | 10,000,000 – 50,000,000 |
| com.teamsoft.falldown | Falldown Classic | 5,000,000 – 10,000,000 |
| com.sanguomobile.alipay | Three Kingdom Mobile(CN) | 2,000,000+ |
| com.sanguomobile.paypal | Three Kingdom Mobile(US) | |
| com.miyaware.kokuban | Drawing blackboard | 1,000,000 – 5,000,000 |
| com.lifecom.youtubestream | YoutubeStream(free download) | 1,000,000 – 5,000,000 |
| com.skmnc.gifticon | A Korean Shopping App | 1,000,000 – 5,000,000 |
| com.burtonar.kamasutra | Kamasutra Sex Positions | 1,000,000 – 5,000,000 |
| com.playon.playonapp | PlayOn | 1,000,000 – 5,000,000 |
| com.spice.hangman | Hangman | 1,000,000 – 5,000,000 |
| com.zed.TrdWapLauncher | Tone Room Deluxe | 1,000,000 – 5,000,000 |
| com.gameforge.xmobile.war | War Game | 1,000,000 – 5,000,000 |
| com.gameforge.xmobile | Vampires Game | 500,000 – 1,000,000 |
| com.interpark.shop | A Korean Shopping app | 500,000 – 1,000,000 |
| com.freeview.appcom.130204 | A Korean Shopping app | 500,000 – 1,000,000 |
| com.brennasoft.findastarbucks | Coffee Finder | 100,000 – 500,000 |
| com.msquaredapplications.fantasyvengeance2 | Fantasy Vengeance Strategy | 100,000 – 500,000 |
| com.wintrino.samegame | Bubble break | 100,000 – 500,000 |
| com.kludgery.android.pandin | PandIn Station Creator | 100,000 – 500,000 |
| com.mary.jackpot | Jeeto Jackpot GK Quiz | 100,000 – 500,000 |
| org.my_pod.mypod | MyPOD Podcast Manager Free | 100,000 – 500,000 |
| com.gameforge.xmobile.steampunk | Steampunk Game | 100,000 – 500,000 |
| com.TLapp.BirdHuntingFree | Bird Hunting Free | 100,000 – 500,000 |
| com.storybird.TetraJewels | Tetra Jewels | 100,000 – 500,000 |
| com.TLapp.runwaycontrolLite | Air Control Runway Free | 100,000 – 500,000 |
| com.zumobi.nba | Sporting News Pro Hoops | 100,000 – 500,000 |
| com.mando.babelrising3dsponsored | Babel Rising 3D Sponsored | 50,000 – 100,000 |
| com.playtouch.anibric | Tap Tap animals | 50,000 – 100,000 |
| Total | | 25,700,000 – 108,700,000 |