Together with heise online CISPA warns of criminals using Stagefright to distribute malware with an elaborate social engineering email. The email contains an alleged software update by Google Android to fix the Stagefright vulnerability. The email asks users to side load the alleged security update “CVE-2015-1538.apk”, which is in truth the remote administration tool DroidJack allowing the criminals to remotely access the user’s phone. We caution users against installing alleged security patches send to them via email. If your provider has not patched the vulnerasability yet (most have not), the best quick fix is to disable the option called “Auto retrieve MMS” in your default SMS/MMS messaging app.