Home > Software Reviews > Legitimate Applications for Windows OS Can Be Replaced By Rogue Ones

Legitimate Applications for Windows OS Can Be Replaced By Rogue Ones

Legitimate Applications for Windows OS Can Be Replaced By Rogue Ones
The developers in the mobile phone industry have figured out an easy strategy to replace a legit Windows Phone application with a malicious one that receives the permission for accessing information.

The technique is not complicated at all – the installation information of the rogue application is being transferred to the program directory of the targeted system.

The 8.1 version of Microsoft’s mobile OS presents the users with the opportunity to side-load applications from an SD card. This feature is imperative for the hack, which was first detected by a member of an XDA-Developers forum using the alias “djamol”. He explains that the process is quite simple:

  • First of all the same manifest for the malicious application has to be created like the one for the legitimate app.
  • Then they need to be installed on the targeted device.
  • The next step is to replace the files in the program directory of the authentic software with the custom package’s content.
  • In the end, the malicious app is supposed to start with the same permission as the original one.

The whole process was tested by the developer. For the experiment, he used a Lumia device.

According to the same forum post, a registry tool that allows writing registry values with the acquired permissions has been developed as well.

This flaw may make malicious attacks targeting Windows Phone users possible since the rogue code can be modified to target trusted apps that have access to information desired by the cyber criminals.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share