Researchers at Check Point, one of the leaders in Cyber Security, have confirmed that popular applications on Google’s Play Store continue to be vulnerable to the known vulnerability CVE-2020-8913, which means that millions of Android users are still at significant security risk.
The flaw is rooted in Google’s widely used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps. The vulnerability makes it possible to add executable modules to any apps using the library.
An attacker who has a malware app installed on the victim’s device could steal users’ private information, such as login details, passwords, financial details, and read their mail.
The apps discovered to be vulnerable are:
- Social – Viber
- Travel – Booking
- Business – Cisco Teams
- Maps and Navigation – Yango Pro (Taximeter), Moovit
- Dating – Grindr, OKCupid, Bumble
- Browsers – Edge
- Utilities – Xrecorder, PowerDirector
But, let’s be honest, what does the impact present itself as? The malicious files can inject code into banking applications to grab credentials, while it also have SMS permissions to steal the Two-Factor Authentication (2FA) codes. In addition, it can inject code into social media applications to spy on the victim and use location access to track the device while on IM apps it can grab all messages, and possibly send messages on the victim’s behalf.