Tag Archive for: WebView

A View Into Web(View) Attacks in Android

/in


James Kilner contributed to the technical editing of this blog. Nethanella Messer, Segev Fogel, Or Ben Nun and Liran Tiebloom contributed to the blog.

Although in the PC realm it is common to see financial malware used in web attacks to commit fraud, in Android-based financial malware this is a new trend. Traditionally, financial malware in Android uses overlay techniques to steal victims’ credentials.

In 2022, IBM Security Trusteer researchers discovered a new trend in financial mobile malware that targets Android and is replacing the classic overlay M.O. (Modus Operandi). These new attacks use the good-old web attack tactics with adjustments made for Android. IBM Trusteer has dubbed these attack tactics Mobile Web(View) attacks because the attack vector is the Android WebView component, and not the browser application (for reasons that will be explained in the following sections).

In this blog, two extremely effective attack techniques are discussed: Web(View) injection attack (based on web injects in the browser) and mobile cookie stealing.

What is a Web Injection Attack?

A web injection attack is a technique used by malware to exfiltrate and manipulate the content of a website from the client side as it is being presented by the browser. During a web injection attack, the malware injects HTML or JavaScript code into the website by running code in the scope of the web browser process that is installed on the victim’s device.

In a web injection attack, what the victim sees in the browser might be different from what is intended by the web server. In addition, every private detail entered by the victim on the website is exposed to the malware.

For example, the JavaScript code that is injected by the malware can extract data from an HTML form that the user has filled in. Using this method, the malware can steal login credentials, credit card numbers, CVVs and so on. That data can then be sent to the command-and-control server (C2C) of the malware operator.

Another common example of a web injection attack is to manipulate the visuals of a website. This type of web injection attack can be used to insert new fields to steal additional personal identifiable information (also…

Source…

Meta Launches New Chromium-Based WebView for Android

/in


Meta has been developing its own Chromium-based WebView for Android for a few years and has now started rolling it out to users of its Facebook app. The new WebView, which has not been open-sourced yet, improves security, stability, and performance, says Meta.

While Android allows users to upgrade the system browser separately from the OS itself, many users update their Facebook app but not Chrome or the WebView app, says Meta.

This WebView can update in sync with Facebook app updates, and function as a drop-in replacement for the System WebView inside the Facebook app without compromising or changing the user experience in any way.

Keeping the WebView up-to-date will thus prevent potential stability and security issues caused by outdated versions. Meta says they will rebase their WebView code on the latest Chromium codebase at regular intervals, thus benefiting of any security patches to the latest Chromium. Additionally, since the Facebook app is now independent from the default OS WebView, when users decide to upgrade the latter, the OS will not need to kill the Facebook app to force it to reload its WebViews.

Most significantly, Meta says its new WebView improves performance by running its compositor, i.e., the component that decides how to display a page, on a GPU thread.

The System WebView compositor needs to account for the various ways Android allows apps to display it. Because of this, it needs to run synchronously with the Android widget layout, which means that it is unable to run in a separate GPU process.

While the new Android WebView has not been open-sourced yet, Meta says they will submit any major changes to upstream Chromium.

Meta’s announcement has raised some privacy-related concerns on Twitter and Reddit. While Meta is not the first vendor to use its own Web-engine for Android, just last month iOS developer and Fastlane creator Felix Krause warned of Meta injecting JavaScript code in the WebViews used by its Instagram and Facebook apps even when visiting external web pages. This is similar to what popular apps like TikTok, Amazon, and others all do, Krause found out. While realizing that injecting JavaScript is not a sign of any…

Source…

WebView security enhanced with SafeBrowsing, renderer processes isolated – Android Community

/in

Android Community

WebView security enhanced with SafeBrowsing, renderer processes isolated
Android Community
To prevent such from happening, Android developers are working on enhancements to this function to ensure important fixes are delivered to the end users. For improved security in Android O, the renderer process will now be isolated in Android O. When

and more »

android security – read more

Google addresses WebView security concerns, makes recommendations on … – Android Authority (blog)

/in

Android Authority (blog)

Google addresses WebView security concerns, makes recommendations on
Android Authority (blog)
If you are still waiting for Google to do something about the WebView vulnerabilities in older Android releases, you may not be a fan of their official response to the matter. Google says they've already fixed it, sort of, but at least offered ways
Google Responds to Concerns Over Widespread Android WebView VulnerabilityNDTV
Google Leaves Some Android Users Vulnerable to HacksWall Street Journal (blog)

all 6 news articles »

“android security” – read more