Microsoft has issued a warning about a vulnerability pattern found in several popular Android applications that have been installed on over 4 billion devices. The vulnerability, named ‘Dirty Stream,’ allows cybercriminals to execute malicious code and steal login tokens. Microsoft’s Threat Intelligence team discovered this vulnerability, which affects many of the most popular apps available on the Google Play Store.
This vulnerability enables malicious actors to gain full control of an application by executing arbitrary code. By stealing tokens, cybercriminals can access user accounts and sensitive data. Researchers began informing developers about this vulnerability in February, and updates have been released to address it. Microsoft is working with Google to provide guidance for Android developers on how to recognize and avoid this vulnerability pattern.
The affected applications are all well-known ones that users have downloaded from the Google Play Store. Examples include Xiaomi File Manager and WPS Office, which have already been successfully patched. This vulnerability is found in the data and file exchange system on Android devices, specifically in the content provider system used to exchange data between applications. An incorrect implementation of this system can introduce vulnerabilities that allow malicious actors to bypass security measures and take control of an application.
To protect against this threat, users should keep their applications and devices updated regularly. Microsoft recommends using tools like the Android app security guide and the Android Lint tool to identify potential vulnerabilities in apps before installing them on their devices. By taking proactive steps now, we can help prevent this type of attack from happening again in the future.