Microsoft Says Dirty Stream Vulnerability is Affecting Android Apps

Internet users are at risk of malware, necessitating stringent protective measures to secure personal information. 

A newly identified malware, dubbed Dirty Stream, specifically targets Android applications by exploiting vulnerabilities within data-sharing protocols. 

A faulty implementation impacts billions of app installations on Android, with developers encouraged to address these issues swiftly.

Every internet or smartphone user is a potential malware target, posing serious security risks. It’s vital to adopt stringent measures to protect personal information and block hackers’ attempts to gain access.

The fight against malware is constantly evolving. Malicious applications are increasingly masquerading as legitimate software to avoid detection. The Microsoft security teams recently identified a new and potentially dangerous malware affecting Android applications.

According to Bleeping Computer, Dirty Stream malware can be hidden within Android apps. It performs arbitrary code execution and overwrites files in another app’s directory to extract user data (reported by Android Authority). Dirty Stream exploits Android’s content provider system, which regulates data access and ensures secure data exchange among apps. The system has protections like data isolation and URI permissions to prevent unauthorized data access in Android applications.

Dirty Stream vulnerability targets Android apps

Microsoft points out that Android applications use “custom intents” for data sharing and interaction. However, improper custom intent handling allows Dirty Stream malware to circumvent security protocols and access data. This vulnerability may arise from not verifying filenames and paths in intents, misusing FileProvider components, or insufficient path validation, which exposes user data to malicious entities.

Dirty Stream’s method is straightforward yet profoundly effective. It leverages a custom intent to send a manipulated filename or path to another app on the device. The recipient app, mistaking it for a legitimate package, inadvertently processes or saves the manipulated data in its essential directory. This allows the malicious actor to execute codes and steal data.

The severity of this issue is highlighted by its impact on Android applications, with approximately four billion installations. Microsoft researcher Dimitrios Valsamaras cautions, “This vulnerability pattern may exist in other apps as well. We are disclosing this research so developers and publishers can examine their applications for similar vulnerabilities, make necessary corrections, and prevent such issues in future releases.”

Two major apps affected by Dirty Stream are Xiaomi’s File Manager and WPS Office, which have over one billion installations and approximately 500 million installations. Both companies have been notified about the vulnerability and are working on solutions.

Google has also revised its app security guidelines to alert the Android development community about this issue.