BlueStacks Flaw Lets Attackers Remotely Control Android Emulator (Jun 25, 2019)
A DNS Rebinding vulnerability was identified in BlueStacks Android Emulator by security researcher Nick Cano in April 2019. BlueStacks Android Emulator is the most widely used Android emulator globally, allowing Windows PC and Mac OS users to run Android applications. The DNS rebinding flaw allowed attackers to gain access to the emulator’s interprocess communications (IPC) functions. DNS Rebinding takes advantage of the ability to set low TTLs on DNS responses so that the attacker can constantly rotate the mapped IPs, allowing the script to bypass Same Origin Policy (SOP) and access the local host. The vulnerability was discovered and reported to BlueStacks, and was fixed in the newest release of BlueStacks 220.127.116.116 on May 27th, 2019.
Recommendation: BlueStacks claims to have over 370 million users of its Android gaming software and the high usage also presents a potentially lucrative target from a threat actor’s perspective. This story can serve as a reminder that parents and guardians should be aware of what software children under their supervision are using because sometimes that software can present security risks and allow for other forms of malicious activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.