On Sunday, security researcher at Def Con security conference, have discussed about the new form of malware and it's pretty scary. The vulnerability 'QuadRooter', named after named after a piece of software native to Android devices with Qualcomm chipsets.
There were four vulnerabilities found on the Android devices that were shipped with Qualcomm chips, and almost a billion Android devices are affected by the "high" risk privilege escalation vulnerabilities.
Attacker trick users to download and install an malicious android apps mainly from third party source. The malware would then exploit one of the four security vulnerabilities of QuadRooter, granting the attacker root access, which means attacker have a full rights and privileges on device remotely.
"We found multiple privilege escalation vulnerabilities in multiple subsystems introduced by Qualcomm to all its Android devices in multiple different subsystems,"One Vulnerability still opened
So far, three of the four flaws have been fixed in Google's last monthly Android security update, but one was not fixed in time for the update's release. While the fourth flaw should be fixed for September's update, Qualcomm has already provided the patch's code, so the fix could come sooner via device manufacturers.