Part1 从样本看Virtual App在黑产中的应用4月初，Trustlook安全研究人员在使用App Insight对国内某商店进行常规审核时，截获了一个名为“换机精灵”的样本，该应用作为一款换机工具，实则为恶意刷量木马， ...
Imagine in a leisurely afternoon, you are sitting in a coffee shop. You want to search for the latest movie information for tonight’s dating. So you connected to the public wifi called “Starbucks”, and opened the Bing app.
Sounds natural? What you can’t imagine is, at the moment you opened the Bing app (com.microsoft.bing) under an untrusted wifi, your phone or tablet could be hacked completely. The hacker could download and install any malware app to your phone, turn your phone into a tapping device or make unauthorized phone calls, by using a remote code execution vulnerability on the Bing Android app (4.2.0 and lower).
Here is a prove of concept video, an attacker could install arbitrary APK from Internet into your phone, you did not do anything wrong and the only thing you do is to install and open Microsoft Bing.
Trustlook has reported the vulnerability to Microsoft Security 10 days ago, and closely working with Microsoft to get this fixed. The Bing team has fixed this vulnerability in version 4.2.1 which released on Jan 21, 2013.
BTW, Microsoft is not the only vendor that affected by this vulnerability. There are hundreds of vulnerable apps we have found on the play store. The total affected user could reach a billion (http://blog.trustlook.com/2014/01/09/2-years-old-android-vulnerability-still-affecting-billion-users/). We are still working with more vendors to fix this problem.
In order to identify whether your bing app has been infected with this high risk vulnerability, you can download our Trustlook Antivirus application to scan your device. If you want to learn more information, please directly contact us at email@example.com