Trend Micro researchers have identified a bug in the Android file sharing app SHAREit. The app has over one billion downloads on Google Play Store.
According to researchers, the app contains multiple unpatched vulnerabilities that hackers could abuse to run malicious code on devices where the app is installed and expose sensitive user data.
It is worth noting that SHAREit was one of the 59 Chinese apps that the union government in India banned temporarily and permanently.
Hackers could download and steal data
The app allows sharing and downloading of various file types, including Android Package (APK). However, the vulnerabilities associated with these features are mostly unintended flaws.
Moreover, Trend Micro researchers noted that previously identified vulnerabilities used to download and steal documents from user devices are also linked with this app.
SEE: Security of Millions At Risk Due to Unpatched Android Apps
Furthermore, researchers identified that a hacker could do anything with the app apart from stealing sensitive data. The bug only affected the app’s Android version while the iOS version is safe as it uses a different codebase.
“We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable,” Trend Micro android billion users fails flaws expose malware
