THIRD PARTY Android distributions such as Cyanogenmod has been targeted by malware that exploits the use of publicly available private keys.
The vulnerability in third party Android distributions stems from the use of private keys that are available publicly in Google's Android Open Source Project. Android by default allows the installation of applications without user intervention that have the same private key as the operating system itself.
Mobile security firm Lookout labeled the Android malware as jSMSHider and said that it is predominantly targeting Chinese Android users. The application itself communicates with a remote server and can read and send text messages, install additional applications and open webpages.
The popular Cyanogenmod distribution has fixed the security hole with its Cyanogenmod 7.0.3 release. The Cyanogenmod team recommends that all users upgrade, saying that the latest version does not allow applications to be installed with platform keys on user-controlled storage.
Lookout claimed that the malware was found on a limited number of devices and it expects the impact to be limited. µ