It’s bad enough that nearly 900 million Android users are impacted by Qualcomm’s QuadRooter vulnerability. Now, we are learning that scammers published two Android apps on Google Play that claimed to fix QuadRooter flaws but instead serve unwanted ads. This clearly is an attempt to exploit the uncertainty about which devices will receive the Android security updates.
The two apps were named “Fix Patch QuadRooter” by Kiwiapps Ltd., and claimed to patch the Android system. Already pulled from Google Play, these apps were malicious. On top of that, one of them required payment (costing 0.99 EUR).
QuadRooter is a set of four vulnerabilities (CVE-2016-2059, CVE-2016-2503, CVE-2016-2504, CVE-2016-5340, CVE-2016-2060) affecting an estimated 900 million Android smartphones and tablets built using Qualcomm chipsets.
All Android users are encouraged to first check their device with the free QuadRooter Scanner app from Trustlook. Then, if they are impacted, users should contact their device manufacturer for a security patch.