Researchers have confirmed that a widely used Android mobile ad library poses a significant threat to mobile users. The ad library, dubbed “Vulna” (short for “vulnerable and aggressive”), allows attackers to “perform dangerous operations such as downloading and running new components on demand.”
The scope of the problem is significant—researchers “have analyzed all Android apps with over one million downloads on Google Play, and found that over 1.8% of these apps used Vulna. These affected apps have been downloaded more than 200 million times in total.”
Developed by third parties, mobile ad libraries are used by “host apps” to display advertisements. This class of software also collects International Mobile Subscriber Identity (commonly referred to as “IMSI”) and International Mobile Equipment Identity (commonly referred to as “IMEI”) codes. What makes Vulna dangerous is its ability to amass call record details and SMS text messages, as well as to allow the execution of malicious code.
“Vulna is aggressive—if instructed by its server, it will collect sensitive information such as text messages, phone call history, and contacts. It also performs dangerous operations such as executing dynamically downloaded code. Second, Vulna contains a number of diverse vulnerabilities. These vulnerabilities when exploited allow an attacker to utilize Vulna’s risky and aggressive functionality to conduct malicious activity, such as turning on the camera and taking pictures without user’s knowledge, stealing two-factor authentication tokens sent via SMS, or turning the device into part of a botnet.”