GODDAMMIT. THE ANDROID-BOTHERING STAGEFRIGHT malicious software bastard is back and looking to ruin your day.
News of this new variant comes to us via a security watching firm called Northbit.
Stagefright, which came out at a time when malware came with its own logo, put the willies up the Android community, and sent shudders through users.
Northbit spoke to Wired after releasing its paper and a video about the threat. The attack is called Metaphor, and according to Northbit it is as nasty.
Northbit claims to have already successfully tested this, and remotely hacked a phone, in fact a few phones. The video (below) shows the firm successfully testing the exploit on a Google Nexus 5 handset, and the security firm says it has managed to do the same on an LG G3, HTC One and Samsung Galaxy S5.
The research outfit added that the exploit can be used against Stagefright on Android 2.2, 4.0, 5.0 and 5.1 which means that millions of devices are at risk, but notes that other versions of Android are not affect.
The video shows how maddeningly simple it is to infect a user, using, in this case, a cutesy cat videos as a lure.
"Our research managed to get it [the attack] to the level of production grade, meaning that everyone - both the bad guys and good guys, or governments - could use our research in order to facilitate it in the wild," the firm told Wired.
"We managed to exploit it to make it work in the wild," it added. "Using the same vulnerability, it is possible to gain arbitrary pointer read to leak back to the web browser and gather information in order to break the ASLR (address space layout randomisation)." µ
To hear more about security challenges, the threats they pose and how to combat them, sign up for The INQUIRER sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
The week in Google
The scandal that just keeps giving
Clip to the end....