Qihoo 360 issued risk warning yesterday

Absrtact: Qihoo 360 issued risk warning yesterday, recently, micro-letter and other variety of Android popular application exposed high-risk horse vulnerability: As long as you click on a friend message or a circle of friends in a Web site, the mobile phone will automatically execute hacker instructions, appear to be installed malicious deduction software, to the good

Qihoo 360 issued a risk warning yesterday, the recent, micro-letter, such as a variety of Android popular applications exposed high-risk "hang the horse loophole": Just click on a friend message or a Web site in the circle of friends, the mobile phone will automatically execute the hacker instructions, appear to be installed malicious deduction software, to send friends cheat messages, contacts and text messages stolen and other serious consequences. Including Android version of micro-letter, QQ, Tencent Weibo, QQ browser, fast seeding, Baidu Browser, Jinshan browser, such as a large number of applications are exposed to the same type of vulnerability.

The claim of a horse-hanging loophole stems from "horse attack". Horse attack refers to the attacker to gain control of the site, by tampering with the Web page content, embedded in the page malicious code. 360 Security Center After monitoring the information, the first analysis, found that such a vulnerability is due to micro-credit applications such as the application developer error using the Android System WebView development interface. Previously, Google has made it clear in the Android developer documentation that "This interface in WebView can cause serious security problems." Try not to use this interface unless you can guarantee that the content loaded in WebView is written by yourself. "Many domestic application developers have ignored this safety code, leading to a large-scale outbreak of the mobile phone horse loophole."

According to the vulnerability attack path analysis, this mobile phone hangs the horse flaw mainly affects the chat application and the handset browser. In micro-letters and other chat applications, just click on the public account or friends sent a malicious Web site message will recruit, users should avoid clicking unfamiliar suspicious links.