THIRD PARTY Android distributions such as Cyanogenmod has been targeted by malware that exploits the use of publicly available private keys.
The vulnerability in third party Android distributions stems from the use of private keys that are available publicly in Google's Android Open Source Project. Android by default allows the installation of applications without user intervention that have the same private key as the operating system itself.
Mobile security firm Lookout labeled the Android malware as jSMSHider and said that it is predominantly targeting Chinese Android users. The application itself communicates with a remote server and can read and send text messages, install additional applications and open webpages.
The popular Cyanogenmod distribution has fixed the security hole with its Cyanogenmod 7.0.3 release. The Cyanogenmod team recommends that all users upgrade, saying that the latest version does not allow applications to be installed with platform keys on user-controlled storage.
Lookout claimed that the malware was found on a limited number of devices and it expects the impact to be limited. µ
Is this a banana I see before me, etc
Bad news for developers, good news for SoundCloud
Windows 10 Pro users kicked in the craw again
It might feature a 3.5mm headphone jack, after all