Another week, another warning. Following research that showed dangerous apps and malware are on the rise for Android users, another new warning issued this week shows this trend might not be slowing. The latest warning doesn’t concern specific apps, but instead is a critical flaw discovered by the security team at Insinuator which could allow attackers to spread dangerous malware from one phone to another using the Bluetooth connection.
Devices most vulnerable to this shocking new attack are those running Android 9.0 Pie and Android 8.0 Oreo with Google placing a “critical” rating on handsets using this software. Given these versions of account for 38.7 percent of all smartphones and tablets running Android, that’s a lot of devices vulnerable to this Bluetooth bug.
Thankfully, those running Android 10 face much less severe consequences as the worst that can happen on this newer operating system a Bluetooth crash. That shouldn’t put your data at risk, although it could be mightily annoying.
Google is aware of the new attack with its latest security bulletin stating that the bug “could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.”
The US firm has patched the problem, but it’s now vital that Android owners who use versions 8.0 Oreo, 9.0 Pie or 10.0 make sure their phones are fully updated with the latest software.
READ MORE: Android users should delete these apps right now or pay the ultimate price
Android warning as new Bluetooth bug discovered
The researchers who discovered this vulnerability say that once infected it can lead to theft of personal data and could potentially be used to spread malware to other devices.
The team also says that if your smartphone hasn’t received this update there are measures that can help stop your device coming under attack. In a post on its website, Jan Ruge from insinuator.net said: “Users are strongly advised to install the latest available security patch from February 2020.
“If you have no patch available yet or your device is not supported anymore, you can try to mitigate the impact by some generic behaviour rules. Only enable Bluetooth if strictly necessary. Keep in mind that most Bluetooth enabled headphones also support wired analogue audio.
“Keep your device non-discoverable. Most are only discoverable if you enter the Bluetooth scanning menu. Nevertheless, some older phones might be discoverable permanently.”
This latest threat comes just days after yet another swathe of Android apps have been discovered which could put phones at risk.
According to the team Trend Micro, the latest bunch of Android apps that are attacking phones include services which claim to clean up your device and make it faster. However, it appears instead of performing that much-needed task they actually set about installing all kinds of nasty bugs and hidden malware.
To make matters worse, the applications have been downloaded over 450,000 times during their tenure on the Google Play Store.
Explaining more, Trend Micro said: “We recently discovered several malicious optimiser, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious payloads on affected devices.
“These malicious apps, which are supposed to increase device performance by cleaning, organising, and deleting files, have been collectively downloaded over 470,000 times. Our telemetry shows that this campaign has been active since 2017.”