Here’s our 3rd disclosure about the JSInterface Remote Code Execution Vulnerability . This time we found some very popular utility tools – Cache cleaners, Browsers, Flashlights etc – that may render your phone vulnerable to an Man-in-the-Middle attack. Want to see how an attacker compromise your phone in 10s using this vulnerability? Check our original demo video here!
The list below are the tools that have been marked as risky in our Trustlook Antivirus. Note: we will not sort every affected app into “malwares”. We do it only when the vulnerability is confirmed exploitable.
Package Name | App Name | Installations |
com.smartanuj.hideitpro | Hide Pictures – Hide It Pro | 5M – 10M |
com.cookpad.android.activities | CookPad – No.1 | 5M – 10M |
mobi.infolife.cache | App Cache Cleaner – 1Tap Clean | 5M – 10M |
com.miumeet.android.client | MiuMeet – Live Online Dating | 1M – 5M |
com.mobisystems.msdict.embedded.wireless.wordnet | Advanced English & Thesaurus | 1M – 5M |
torcia.plus | Better FlashLight HD + LED | 1M – 5M |
name.markus.droesser.tapeatalk | Tape-a-Talk Voice Recorder | 1M – 5M |
net.daum.android.shoppinghow | Shoppinghow | 1M – 5M |
org.detikcom.rss | detikcom | 1M – 5M |
com.adaptiveblue.GetGlue | GetGlue – App for TV & Movies | 1M – 5M |
com.zumobi.android.motortrend | MOTOR TREND News | 0.5M – 1M |
com.speedymarks.android.temperatureFree | Temperature Free | 0.5M – 1M |
com.inbox.boro.lite | Fast Messenger for Facebook | 0.5M – 1M |
com.ft.news | Financial Times | 0.5M – 1M |
com.crowdstar.avatar | Top Stylist | 0.5M – 1M |
com.androidesk | Androidesk Wallpaper | 0.5M – 1M |
kr.or.lug.ontimealarm | OnTimeAlarm | 0.1M – 0.5M |
ru.ideast.championat | Championat.com | 0.1M – 0.5M |
sanmsung.actvity | Samsung Mobile Catalog | 0.1M – 0.5M |
org.espier.browser | Espier Browser | 0.1M – 0.5M |
bg.angelov.horoscope | Numerology Daily Horoscope | 0.1M – 0.5M | Total: | 25.5M – 73.5M |
At last, although the Valentines’ Day has just passed, Trustlook still wants to remind you: Safety First! 😛