Researchers from Trend Micro reported the Moplus software development kit (SDK) being offered by Chinese search engine, Baidu includes a functionality that can be abused to install backdoors on users’ devices via an Hypertext Transfer Protocol (HTTP) server on the targeted smartphone, allowing attackers to send HTTP requests to port 6259 or 40310 and execute malicious commands. The vulnerability has been included on an estimated 14,112 Android applications, potential impact on 100M Android users
Read More