Security firm FireEye discovered a malicious strain of malware that infected Android devices according to a company blog post.
The report neglected to provide the name of the app, but it was able to alter the icons of other applications on the phone or tablet’s home screen.
If a user wanted to launch another program, they would be taken to a phishing site that could steal personal information off the device instead of the actual application.
Computerworld mentions one example of how bad this was bug could be:
“The danger is that attackers could modify the icon of a banking application and fool users into divulging sensitive information on a fake website they have created.”
FireEye tested this attack by creating a clone program and submitting it to the Google Play Store for Android apps. The company had no problem publishing the app and users never recieved a warning during the download process. FireEye quickly removed the app.
FireEye wrote that it contacted Google about this issue in October 2013 but a fix wasn’t issued for it until February 2014.
Android users are safe from this issue for now, but FireEye’s report concludes that security vendors need to move more quickly to fix these problems.