The security research team of Microsoft has recently flagged some apps that pose a serious threat to Android smartphones and those apps have been downloaded by more than 1.5 billion users. Microsoft’s Threat Intelligence Team in a blog post said, “We identified several vulnerable applications in the Google Play Store that represented over four billion installations. We anticipate that the vulnerability pattern could be found in other applications.”
Microsoft brought attention to two applications: Xiaomi’s File Manager, with over 1 billion installs, and WPS Office, which boasts over 500 million installs. Upon discovering a security vulnerability, Microsoft promptly notified Xiaomi, and the issue was resolved after the disclosure, with Xiaomi addressing the flaw. Similarly, WPS Office has also released an update to rectify the vulnerability in their app. Although the problem was resolved in February, users are advised to update these apps on their Android devices promptly if they have them installed.
ALSO READ | Scared Of AI Taking Away Your Job? Here's How You Can Harness The New Tech & Become Irreplaceable
What Threats Do These Apps Pose?
As per Microsoft, the malicious app can overwrite some server settings allowing it to “communicate with an attacker-controlled server and send the user’s authentication tokens or other sensitive information.”
Microsoft suggests that users maintain the latest versions of mobile applications by using the Google Play Store (or another trusted source), which ensures that updates addressing known vulnerabilities are installed. “Users should only install applications from trusted sources to avoid potentially malicious applications,” said Microsoft.
Additionally, Microsoft reported sharing its findings with Google's Android Application Security Research team and working with Google to assist Android app developers in identifying and steering clear of such patterns.
Microsoft’s Threat Intelligence Team noted, “As threats across all platforms continue to evolve, industry collaboration among security researchers, security vendors, and the broader security community is essential in improving security for all.”