A flaw in Google’s Android operating system allows hackers to hijack a seemingly safe app and sneakily replace it with their own malware, according to Palo Alto Networks.
The bug lets hackers quietly increase permissions on third-party apps until they are able to take the data they want. The problem is said to affect around half of Android devices.
Ryan Olson, intelligence director of Unit 42 at Palo Alto, said: "This Android vulnerability means users who think they’re accessing legitimate applications with approved permissions may instead be exposed to data theft and malware.
"We urge users to take advantage of the diagnostic application provided by Palo Alto Networks to check their devices, and we thank Google, Samsung and Amazon for their cooperation and attention."
The malicious apps tend to be disguised as flashlights or mobile games, and initially display a false set of permissions to trick the user into believing they are safe.
Whilst Palo Alto has worked with Google and device manufacturers Samsung and Amazon to patch the bug, some older versions of Android could still be vulnerable.
Concerned users are advised to download apps only from the official Google Play store, whilst corporate admins are advised not to allow "jailbroken" or "rooted" devices, which have been set up to access third-party stores, to connect to enterprise networks.