In January security researchers from Symantec identified a Trojan program that tried to install mobile banking malware on Android devices connected to compromised computers by using the legitimate Android Debug Bridge (ADB) command line tool.
While investigating the risks associated with the vulnerability reported by Balic, the Trend Micro researchers identified a second flaw that can be used to crash Android's PackageManager and ActivityManager services.
When this happens, all other processes that depend upon PackageManager also crash, leaving the Android device completely unusable, the researchers said. Apps targeting this second vulnerability can't be installed through the regular Android user interface, but they can be deployed through ADB, which is used by many third-party market clients, they said.
Google has been notified about both vulnerabilities, but users should take the necessary precautions to protect their devices, the Trend Micro researchers said."It's important to treat third-party apps with a healthy dose of suspicion and skepticism as cybercriminals are always on the lookout to find and exploit every nook and cranny in Android devices."
Sign up for MIS Asia eNewsletters.