SHAREit is one of the popular application having billion of downloads and used for sharing or transferring files between devices is consist various unpatched malware vulnerabilities that may leak the user data, remote code execution and execute arbitrary code.
After proper analysis experts find out the application consists of multiple unpatched vulnerabilities, the flaws are not patched by Smart Media4U, the parent company of SHAREit located in Singapore.
The experts said that after three months of research, we report that flaw that affects the user data, and the hacker may steal the sensitive information, and may inject malware using the application permissions. The vulnerabilities are not easily detectable by users.
How these Flaws Works?
The vulnerabilities discovered may work in a manner that can share the data to third-party applications and permits them to read and write, access permission or execute and overwrite the existing file using the application data.
Apart from that, the application uses deep links to initiate some features that include executing split APK files from the URL and another scheme of HTTP/HTTPS domain host matches with *.wshareit.com or gshare.cdn.shareitgames.com. The application may consist install malicious applications that also initiate remote code execution as the users click on it.
As the user clicks on the download URL, Chrome will directly download the SAPK from https://gshare.cdn.shareitgmaes.com and then this SAPK is replaced by a man-in-the-middle attack.
The man-in-the-middle attack is used to take permission from external storage and execute other applications or fake applications that cause DOS attacks.
Summering Up
SHAREit also had a security fair in February 2019, where two vulnerabilities are detected that authorize the hackers to overlaps the certifications, arbitrary files and other pilfer files from the victim’s device. On 29 June the government of India banned SHAREit and other 58 applications that engaging the criminal activities and threatened the security of India.
![Read more about the article [Alert] Attackers Start Selling Data Online which is linked with Domino’s India!](https://xiarch.com/blog/wp-content/uploads/2021/05/dominos-india-disclosed-data-breach-featured-image-300x157.jpg)
