The agency said the current malicious application is capable of diverting the VPN traffic “to a different network address” and successful exploitation of this issue “could allow attackers to capture entire communication originating from affected device.”

The lethality of the virus to disrupt a system is large.

“It is noted that not all applications are encrypting their network communication. Still there is a possibility that attacker could possibly capture sensitive information from the affected device in plain text like email addresses, IMEI number, SMSes, installed applications,” the advisory said.

Cyber experts said that this anomaly could only lead to capture and viewing the data which is in plain text and Android applications directly connecting to the server using SSL will not be affected.

Websites which use ‘httpss’ in their URL will also be safe.

The cyber agency has also suggested some countermeasures to beat this threat.

“Apply appropriate updates from original equipment manufacturer, do not download and install application from untrusted sources, maintain updated mobile security solution or mobile anti-virus solutions on the device, exercise caution while visiting trusted or untrusted URLs and do not click on the URLs received via SMS or email unexpectedly from trusted or received from untrusted users” are some of the combat techniques which have been suggested by the agency.

Read More:

World's 10 Most Innovative Big Data Companies

OpenText Innovation Tour To Bring Enterprise World Experience