Your android device allows you to connect with anyone at anytime, if they are available. Mobile-enhanced shopping and banking sites gives you freedom to buy anything - anywhere. You have millions of applications, that you can install to pimp up your device. But same applications can exploit your business and personal life by stealing your personal information by various intelligent methods.
Researchers at NC State University has uncovered a new vulnerability that expose smishing and vishing threats for Android users. I think you need to know about Smishing first,so it is where the mobile phone user will receive a text message. This text message only purpose is to get the user to click on the link. If you click on the link, you may inadvertently be downloading a Trojan horse, virus, or other malicious malware.
So, researchers found a new way to do such phishing attacks using fake sms, If an Android user downloads an infected app, the attacking program can make it appear that the user has received an SMS, or text, message from someone on the phone’s contact list or from trusted banks. This fake message can solicit personal information, such as passwords for user accounts.
Researchers notified the Google Android Security Team about the vulnerability. One serious aspect of the vulnerability is that it does not require the (exploiting) app to request any permission to launch the attack.
Before the ultimate fix is out, this threat can be mitigated in several ways. For example, users are encouraged to be cautious when downloading and installing apps (particularly from unknown sources). As always, it is important to pay close attention to received SMS text messages, in order to avoid being duped by possible phishing attacks.