Android users urged to check their smartphone apps as new threat uncovered

Google Android users are being urged to check the apps they have installed on their phones. The alert has come via the team at Twitter who recently received a report about a malicious mobile software that could allow hackers access to personal data.

Whilst the social network is keen to point out that the threat isn’t due to any issues within its own software, some rouge apps could potentially leave users open to attack.

Explaining more, the social network said: “Our security team has determined that the malicious SDK, which could be embedded within a mobile application, could potentially exploit a vulnerability in the mobile ecosystem to allow personal information (email, username, last Tweet) to be accessed and taken using the malicious SDK. While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so.”

Although no accounts were put in the hands of cybercriminals, Twitter has confirmed that evidence has been discovered that shows this attack has been used to access some Android accounts.

Twitter says that if you don’t recognise any of them or if you no longer use them, it is recommended that users revoke access to keep your account secure.

“We think it’s important for people to be aware that this exists out there and that they review the apps that they use to connect to their accounts,” said Lindsay McCallum, a Twitter spokeswoman told CNBC.

Along with Twitter, it’s also being reported that some Facebook user may have been targeted by the same attack.

In a statement, the social network said: “Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores.

“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn.

“We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”

source: express.co.uk