Thursday, May 1, 2025
HomeCVE/vulnerabilityUnpatched SHAREit Flaw Let Attackers Execute Remote Code

Unpatched SHAREit Flaw Let Attackers Execute Remote Code

Published on

SIEM as a Service

Follow Us on Google News

SHAREit app is owned by Smart Media4U Technology Pte. Ltd. which is a global technology company in Singapore. SHAREit was originally made by Chinese tech giant Lenovo.  

The company produces an app, also called SHAREit, which is compatible with various smartphone platforms that allow users to share files between devices directly.

Experts from Trend Micro discovered vulnerabilities in the SHAREit application, which has over 1 billion downloads in Google Play. The vulnerabilities can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution.

- Advertisement - Google News

In the earlier period, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.

Vulnerability Details

The flaw arises from the way the app facilitates sharing of files (via Android’s FileProvider), potentially allowing any third-party to gain temporary read/write access permissions and exploit them to overwrite existing files in the app’s data folder.

Experts observed SHAREit has set up deep links using URL leading to specific features in the app. These contain features that can download and install any APK. It declares a deep link feature that can download files from a URL that has the scheme of http/https and domain host that matches *.wshareit.com or gshare.cdn.shareitgames.com.

It also provides a feature that can install an APK with the file name suffix sapk. This feature can be used to install a malicious app; in that case, it will enable a limited RCE when the user clicks on a URL.

Therefore, the app is also vulnerable to man-in-the-disk (MitD) attack, which arises when careless use of “external storage” permissions, opens the door to the installation of fraudulent apps and even causes a denial of service condition.

To illustrate, experts manually copied Twitter.apk in the code to replace it with a fake file of the same name. As a result, a pop-up of the fake Twitter app will appear on the main screen of the SHAREit app (as shown below).

Reopening the SHAREit app will cause the fake Twitter app to appear on the screen again to prompt the user to install it (as shown below). Upon clicking the install button, the fake app will be installed successfully and opened automatically. This will show another system notification pop-up.

A pop-up from the fake Twitter app created to test the vulnerability
Download prompt from the fake Twitter app

Recommendations

According to the experts, security must be a top consideration for app developers, enterprises, and users alike.

For safe mobile app use, regularly updating and patching mobile operating systems and the app themselves is essential. Users should also keep themselves informed by reading reviews and articles about the apps they download.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Also Read

SHAREit App Vulnerabilities Allows Hackers to Bypass Android Device Authentication & Download Arbitrary Files Remotely

Digital Strike!! India Banned 59 Chinese Apps Including TikTok, UC Browser, SHAREit

Digital Strike!! Government of India Banned 118 Mobile Apps Including PUBG

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...