You may know—and be on the lookout for—malware hiding in programs that act legitimate, but aren't. But what happens when apps that are legitimate are unwittingly taken over by malicious users, intent on hijacking their programs?
That's exactly what happened to a group of apps on Android: Microsoft first alerted the world to the issue, called "Dirty Stream," which is a vulnerability that allows malicious apps to take over legitimate ones. Dirty Stream relies on a flaw in ContentProvider, the system that allows different apps to share the same data set. Without it, apps wouldn't be able to communicate with each other or use the same data, reducing functionality and convenience.
Bad actors focused on "share targets," or apps that receive data and files sent by other apps, which typically include mail, social media, messaging, and browser apps, among others. Their fake apps would send malicious files to these apps, which would accept them as they normally would, but inadvertently overwrite important files in their own data sets. By exploiting this flaw, bad actors could execute their own code on your device, potentially taking over the device, as well as scraping your data.
Microsoft highlighted a handful of apps that are known to be affected by Dirty Stream, which collectively had over four billion installations. Four of the apps on the list had over 500 million installations each at the time of Microsoft's report. WPS Office, for example, has over 500 million installs, while File Manager has over one billion.
Usually, the advice would be to delete these apps from your phone. But these apps aren't malicious: They were taken over. As such, following Microsoft's notifications, developers took action, and removed the malware from their apps.
How to protect yourself from this new Android malware
As developers patch their affected apps against this Dirty Stream vulnerability, the question becomes: What can you do to protect yourself?
This issue is quite unique as far as malware goes: If a legitimate app can be hijacked for nefarious purposes, what is there for the end user to do? Who would have thought the default file manager app on Xiaomi phones would be taken over like this?
Unique circumstances aside, the usual advice still works here: Be careful what you download. Sure, you couldn't have done anything about the legitimate apps that were infected here, but it took another malicious program to hijack them in the first place. As such, it's more important than ever to be vigilant as you download and install apps on Android.
Your best bet will always be the Google Play Store. While sideloading is a great perk of Android (at least outside of the EU), it comes with the extra risk of downloading a malicious app. Google has protections in place to limit the chances that a malicious app will end up on the market. Of course, that doesn't mean every app on the Play Store is safe. You still need to vet each and every program you decide to install. If something looks fishy about an app, Play Store or not, avoid it.
Unfortunately, it doesn't appear that anyone has shared details about the identities of these malicious apps. Give your phone a scan, and if you see anything that makes you suspicious, delete it.
Microsoft, for its part, recommends you keep all apps up to date, as new patches are issued to protect against these types of malware. In addition, the company advises users to reset credentials in the Xiaomi File Manager app.