A vulnerability in the Android operating system could expose up to half of all Android users to remote takeovers by hackers.
Security research firm Palo Alto Networks on Tuesday revealed a flaw that allows cyberattackers “to modify or replace a seemingly benign Android app with malware, without user knowledge,” according to a blog post.
But hackers can only co-opt apps downloaded from third-party app stores, not the Google Play store.
If a user does download an affected app, the consequences could be dire.
“The malicious application can gain full access to a compromised device, including usernames, passwords, and sensitive data,” Palo Alto Networks said.
Android has over 1 billion users worldwide, meaning the flaw could affect nearly 500 million people. So far, however, there is no evidence hackers have exploited the bug.
Palo Alto Networks has informed Google of the issue and released its own app that will diagnose an Android device.