'Vulnagressive' ad library poses threats: FireEye

An unnamed mobile ad library is exposing Android users to previously undiscovered serious security threats, security vendor FireEye claims.

FireEye said the ad library shares a dangerous combination of aggressive and vulnerable characteristics, so it has codenamed the library ‘Vulna’ after the term ‘vulnagressive’.

A FireEye analysis of all Android apps with over 1 million downloads on Google Play shows that the ad library is in use in 1.8% of these, representing over 200 million downloads.

According to FireEye, the aggressive behaviour includes: an ability to download and execute arbitrary code; collecting sensitive data including a device owner’s email address; and the ability to read and publicly share data including text messages, call history and contact lists.

Vulna also exhibits multiple vulnerabilities, FireEye said. The ad library transfers users’ private information over plain text HTTP and also uses unsecured HTTP for receiving commands and dynamically loaded code from a control server.

FireEye Researchers claim attackers could potentially use the ad library’s broad permissions to delete files and destroy data on demand, send forged text messages from a user’s device, place phone calls and view or take photos without a user’s permission.

They say Vulna’s aggressive behaviours also make it difficult to detect - for example, the ad library obfuscates its code, making traditional analysis difficult.

FireEye added it had notified both Google and the ad library vendor about its discoveries and that both are actively addressing the issues.

Image courtesy of Irita Kirsbluma under CC