Android-Malware

Firefox for Android Can Easily Be Tricked Into Running Malicious Code

September 11, 2013 - Written By Keith Myers

While many would agree that mobile devices are increasingly becoming a target for mobile malware, the proliferation of malicious code often relies on targeting a security hole in third-party applications. AndroidPolice.com made us aware of one of the latest exploits in Firefox for Android. The exploit actually exists in both the production and beta versions of this popular browser.

Essentially the exploit takes advantage of the fact that Firefox for Android allows a web server to force a download of an APK file (Android application package) to a users device. This in itself is not bad however Firefox for Android then immediately launches the Android Installation Tool Screen to install the application package.

MalwareExample

Although the user must still agree to the installation and grant permissions to the application, malware developers have gotten cleaver with the naming of the packages to make the user believe they are installing a “Firefox Security Upgrade” or an “Android System Upgrade”. Malware manufacturers will often use official looking application icons (such as the Stock Firefox Icon) to attempt to gain the users trust. The video below shows how the exploit works.

In order to be effective, the user must visit an infected webpage on the Firefox for Android browser. In the above video, a test web server was used however with the growing number of webpages being defaced, including MIUI.us, the threat is real. In fact, there are already reports coming in that this exploit is already being used in the wild.

Once the malware is installed, it can do a number of things including;

  • Download more malware

  • Send premium SMS messages

  • Attempt to gain root access and install itself (or additional payloads) as system applications

  • Scrape contact information and use SMS phishing attacks against your friends.

  • And much more.

If you are using Firefox for Android, we advise you to switch browsers until Mozilla publishes an update to address this serious flaw. There is currently no setting to disable this behavior at this time. Chrome is a great choice as well as Dolphin. You can also minimize your exposure by following the safety tips below;

  • Turn off the ability to install non-market applications

  • Carefully review all application permissions before installing applications

  • Do not install any application “upgrade” unless it specifically comes from the Google Play Store if installed via the play store. Google’s guidelines actually forbid external updates. If you device does not have access to the Play Store, pay careful attention to your Application Store’s upgrade mechanism.