Opening This Image File Grants Hackers Access to your Android Phone (Feb 7, 2019)
Google noted a critical vulnerability in the Android operating system framework that could allow a threat actor to execute arbitrary code and obtain privileged access. To exploit this vulnerability, a threat actor would need to send a malicious Portable Network Graphic (.PNG) file to a user's Android device, and would be triggered upon opening the file. This vulnerability has not been observed in the wild yet. Android versions 7.0 to 9.0 are affected.
Recommendation: It is recommended that users update their Android systems as soon as software updates are released to prevent exploitation of vulnerabilities. Never open files that are sent from unknown users and always verify the authenticity of emails and messages prior to opening any attached files or clicking any links.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.