A new Android malware strain was recently discovered, and it appears to target an unpatched hardware vulnerability.
According to cybersecurity firm Check Point, the Android malware appears to target a specific piece of hardware: smartphone processors manufactured by Qualcomm. The security firm reports that it discovered more than 400 vulnerabilities on Qualcomm chipsets.
Digital Signal Processing (DSP)
Check Point said that the hardware vulnerability is called Achilles. The malware disrupts the digital signal processing (DSP) function of the processor. The DSP is responsible for handling the fundamental features of a smartphone, like charging, audio, and video.
According to Check Point, the main delivery mechanism for this malware is app download. This means that malicious developers can embed the malware into an app. Users who install the infected app will unknowingly activate the malware.
Once the Android malware propagates into the system, hackers can essentially do what they want. They can access user files and location data, and even use the infected smartphone as a spying device. With audio and video functionalities compromised, hackers can use them to gather data from the target.
The malware is also capable of downloading other strains of malware into the target’s device. Essentially, it can launch multiple attacks once it successfully propagates into the target’s device.
In a statement, Check Point writes:
“DSP chips are much more vulnerable to risks as they are being managed as ‘Black Boxes’ since it can be very complex for anyone other than their manufacturer to review their design, functionality or code.”
Defense against malware
Check Point noted that no particular attack had been recorded that uses the new DSP exploit. However, it will only be a matter of time until one malicious user discovers and uses it.
Additionally, Qualcomm said that it was able to fix the vulnerability before anyone had the opportunity to exploit it. However, the company adds that it has not yet released the fix in the form of an update. Hardware patches are some of the most difficult updates to roll out, hence the delay.
In terms of defense against this new malware, tech experts always advise downloading apps from legitimate platforms. Most of the time, these malicious apps are distributed through a third-party online marketplace. These platforms are not secure and are not affiliated with the official Android Play Store.
For now, the best practice to avoid being infected is to download legitimate apps from legitimate sources. Android malware such as this one is usually found in illicit online marketplaces.
Featured image courtesy of OlegDoroshin/Shutterstock