Android fans who are yet to update their devices to Android Oreo have been told by experts that they are at risk of a new malware attack.
Android Oreo launched last month, with the latest version of Google’s smartphone OS currently only available for a handful of devices.
Android Oreo includes a slew of tweaks and minor improvements to the smartphone and tablet operating system.
The eighth major software iteration includes notification dots on app icons, picture-in-picture video playback, and autofill to quickly and securely enter passwords and other personal information in website forms.
Oreo will also restrict background apps from draining the battery to help eke more usage from each charge.
But while the update offers more of a refinement of the Android experience than a wholesale revision, there’s one very important reason to upgrade.
Security experts have warned that those who have not upgraded yet to Android Oreo are vulnerable to a terrifying new malware threat.
Palo Alto Networks revealed all unpatched Android phones that have not upgraded to Android Oreo are at risk from a “high-severity vulnerability”.
The threat affects any Android user running a version older than Oreo, and sees victims at risk from an overlay attack.
The malware draws up a fake screen for users to click on which hides what’s really happening.
Worst case scenario, it could allow the malicious software to take control of the phone and render it unusable.
It could then install ransomware or malware that is capable of stealing sensitive information.
Anyone using an Android phone that is running an Android version earlier than Oreo can download a patch today to rectify the issue.
However, Palo Alto Networks said Android should have prevented the overlay attack as there were two big hurdles the malware had to bypass.
In a blog post, security expert Christopher Budd said: “Everyone has believed that malicious apps attempting to carry out overlay attacks must overcome two significant hurdles to be successful.
“One – they must explicitly request the “draw on top” permission from the user when installed.
“Two – they must be installed from Google Play.
“These are significant mitigating factors and so overlay attacks haven’t been reckoned a serious threat.”
The vulnerability discovered by Palo Alto’s Unit 42 threat research team bypasses these requirements.
It exploits a notification type called Toast that Android documentation describes as “a view containing a quick little message for the user.”
Budd added: “In light of this latest research, the risk of overlay attacks takes on a greater significance. Fortunately, the latest version of Android is immune from these attacks ‘out of the box.’
“However, most people who run Android run versions that are vulnerable. This means that it’s critical for all Android users on versions before 8.0 to get updates for their devices.
“You can get information on patch and update availability from your mobile carrier or handset maker.”
The news comes after Express.co.uk revealed that Samsung Galaxy S8 and Galaxy S8+ owners could be getting an upgrade to Android Oreo soon.
The South Korean technology company is believed to be hard at work on a custom version of Android 8.0 for its flagship smartphone range.
According to technology blog SamMobile, Samsung is forging ahead with an accelerated schedule for the launch of Oreo.
SamMobile, which has a strong track record when it comes to Samsung leaks, claims the technology firm may initiate a “beta-testing program for early adopters, like it did for the Galaxy S7 and S7 Edge” soon.
The Android 8.0 update for Samsung Galaxy S8 and Galaxy S8+ will be called G955FXXU1BQI1 and G950FXXU1BQI1, SamMobile claims.