This Android malware can take over legitimate apps


You may already be on the lookout for malware hidden in programs that look legitimate but aren't. But what happens when a legitimate application is itself taken over by a malicious actor?

That's exactly what happened to a set of apps on Android. Microsoft first notified the world of the issue, called "Dirty Stream," a vulnerability that allowed malicious apps to take over legitimate apps. Dirty Stream relies on a flaw in the ContentProvider system, which allows different applications to share the same data set. Without ContentProvider, apps wouldn't be able to communicate with each other or use the same data, reducing functionality and convenience.

Bad actors focus on "share targets," applications that accept data and files from other applications, which often include mail, social media, messaging, and browser applications. Their fake apps send malicious files to these apps, which accept them as normal but inadvertently overwrite important files in their own data sets. By exploiting this flaw, bad actors can execute their own code on your device, potentially taking over the device and stealing your data.

Microsoft highlighted a number of applications known to be affected by Dirty Stream, which have been installed a total of more than 4 billion times. As of the time Microsoft released its report, the four apps on the list had each been installed more than 500 million times. For example, WPS Office has over 500 million installations, while File Manager has over 1 billion installations.

Usually, the advice would be to delete such apps from your phone. But these apps are not malicious: they were taken over. Therefore, according to Microsoft's notification, the developers took action to remove the malware from their applications.
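On the developer side, the overwrite described above happens when a receiving app saves an incoming file under whatever name the sending app reports. The sketch below is an added example, not code from Microsoft or from any affected app: it shows a receiver confining incoming files to its own directory. It uses plain Java file APIs, and the class, the method names and the sample file names are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.util.UUID;

public class SafeShareReceiver {
    // Map a sender-supplied file name to a file inside baseDir, or refuse.
    static File resolveInside(File baseDir, String suppliedName) throws IOException {
        // Keep only the last path component, dropping "../" and absolute prefixes.
        String leaf = new File(suppliedName).getName();
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            leaf = "shared-" + UUID.randomUUID(); // unusable name: generate one
        }
        File target = new File(baseDir, leaf);
        // Defence in depth: the canonical path must still sit under baseDir.
        String base = baseDir.getCanonicalPath() + File.separator;
        if (!target.getCanonicalPath().startsWith(base)) {
            throw new SecurityException("rejected file name: " + suppliedName);
        }
        return target;
    }

    static File store(File baseDir, String suppliedName, InputStream data) throws IOException {
        File target = resolveInside(baseDir, suppliedName);
        // Files.copy without REPLACE_EXISTING fails instead of overwriting a file.
        Files.copy(data, target.toPath());
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the receiving app's private cache directory.
        File cache = Files.createTempDirectory("share-cache").toFile();
        // Constructed sample names, as a sending app might report them.
        String[] names = {"report.pdf", "../settings.xml", "/tmp/other/lib.so", ".."};
        for (String name : names) {
            File saved = store(cache, name, new ByteArrayInputStream(new byte[] {1, 2, 3}));
            System.out.println(name + " -> " + saved.getName());
        }
    }
}
```

Every sample name ends up as a plain file inside the receiver's directory, and a second file with the same name is refused rather than written over the first.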

How to protect yourself against this new Android malware

As developers patch affected applications for this Dirty Stream vulnerability, the question becomes: What can you do to protect yourself?

As far as malware is concerned, the problem is quite unique: if legitimate applications can be hijacked for malicious purposes, what is the end user to do? Who would have thought that the default file manager application on Xiaomi phones would be taken over like this?

Special circumstances aside, the usual advice still applies here: be careful what you download. Of course, there's nothing you can do against the legitimate apps infected here, but it first takes another malicious program to hijack them. Therefore, it is more important than ever to be vigilant when downloading and installing apps on Android.

Your best option is always the Google Play Store. While sideloading is a huge boon for Android (at least outside the EU), it also comes with the added risk of downloading malicious apps. Google has protective measures in place to limit the chances of malicious apps ending up in the market. Of course, this doesn't mean every app on the Play Store is safe. You still need to review every program you decide to install. If an app looks suspicious, whether it's on the Play Store or not, avoid using it.

Unfortunately, no one seems to be sharing details about the identities of these malicious apps. Scan your phone and if you find anything suspicious, delete it.

Microsoft recommends that you keep all your applications up to date as new patches are released to protect against these types of malware. Additionally, the company advises users to reset credentials in the Xiaomi File Manager app.