Janus Vulnerability Lets Hackers Inject Malicious Code Into Android Apps

malicious code

Security experts discovered a malicious code vulnerability named Janus that could inject Android apps with malware without being detected.

A new Android bug identified as Janus has been discovered by security professionals. The vulnerability could potentially give hackers complete access to the device’s system.

When injected into a high-profile app, it can provide all the privileges hackers need without affecting the app’s security signature.

Google engineers have been pretty busy lately as they have successfully patched various bugs in the device operating system as well as those related to the Google Play Store.

The Janus vulnerability is one of the four dozen issues the team has fixed, and luckily users don’t have to worry anymore.

About the Janus Vulnerability

The bug had the privileges to allow a hacker to gain access to a legitimate app’s ecosystem and rewrite the codes within with malware.

The antivirus programs and the operating system may never identify the malware within because it will continue to run in a safe environment on trusted apps.

The serious issue was identified by security researchers at GuardSquare, who confirmed that the vulnerability would allow attacks to bypass anti-malware protection in place on Android.

It could also make use of digitally signed apps from trusted publishers to spread the malware.

Naming Method

The vulnerability was officially labeled with the codename CVE-2017-13156, which was later colloquially renamed as Janus so that it would be easy to discuss it among their peer group and share the information to all experts around the globe.

An interesting naming choice has been opted for because the app can be an APK program, which is a compatible format with Android OS. However, at the same time, it can also be a DEX which is another valid format.

The bug has the ability to be two different programs at once which is how it managed to become a vulnerable program and favored any hacking attempts.

Janus refers to the Roman god of duality, which is what the security experts denote when they refer to this program using the name.

It identifies that the app is capable of being two different programs at once and is considered malicious because of its dual nature.

The nature of the APK is also considered to be a reason that caused this vulnerability because it is more like a RAR program.

When unzipped, additional codes can be added to the original app.

Similarly, DEX is another compression format, and older versions of Android—including 5.0 Lollipop and 6.0 Marshmallow—will check whether a file is in DEX or in APK format before executing it on to the smartphone.

How the Vulnerability Works

VULNERABILITY SCANNING

Thru this vulnerability hackers can inject malicious codes without being detected

The Janus vulnerability makes use of the compression technology used by Android where it inserts additional code bytes to verified APK and DEX files.

As they usually pass the signature verification process, the additional malware will never be identified as it now belongs to a legitimate app.

Google has officially released a fix for this bug in its December 2017 security update, which also addresses many other security issues found in older versions of the OS.

The newer operating systems are considered much more secure as they have improved in terms of coding and sophisticated architecture, thus ensuring they stay safe from malware penetration.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.