Skip to main content

This new Android malware will hijack your data

This new Android malware will hijack your data.All of it.

 it is automatically granted the SYSTEM_ALERT_WINDOW permission & BIND_ACCESSIBILITY_SERVICE permission, which can be used for stealing your passwords and pins.

 Both these vulnerabilities together, will install a "God-mode" app, which will get access to your messages and calls.
http://cloak-and-dagger.org/#FAQ
What do you recommend to users?
We recommend users to check which applications have access to the "draw on top" and the a11y permissions. Unfortunately, both permissions are considered "special" and, for this reason, certain versions of Android may show "no permission required" even if, in fact, the app has access to both the permissions required for our attack. Here we provide instructions for several versions of Android (if you have recommendations regarding instructions for others Android versions, please let us know and we will post them here): 
  • Android 7.1.2:
    • —   "draw on top" permission: Settings → Apps → "Gear symbol" (top-right) → Special access → Draw over other apps.
    • —   a11y: Settings → Accessibility → Services: check which apps require a11y.
  • Android 6.0.1:
    • —   "draw on top" permission: Settings → Apps → "Gear symbol" (top-right) → Draw over other apps.
    • —   a11y: Settings → Accessibility → Services: check which apps require a11y.
  • Android 5.1.1:
    • —   "draw on top" permission: Settings → Apps → click on individual app and look for "draw over other apps"
    • —   a11y: Settings → Accessibility → Services: check which apps require a11y.
    This work shows that the user should not consider her device's UI as a trusted source of information. Thus, from a conceptual point of view, the user should rely on other means than the device's UI itself. An alternative solution is to use command line tools (such as adb) or to determine the permissions requested by each app through the Play Store website. For example, to check the permissions of the official LastPass app (which requires both permissions), you can go to its Play Store page, scroll down, and click "View details" under "Permissions". The "draw on top" permission will appear under the "Others" / "draw over other apps" label, while the a11y will appear under "Others" / "bind to an accessibility service".

Comments

Post a Comment

Contact Form

Name

Email *

Message *

shopping links

For Online Shopping in India, I trust:

Amazon

Flipkart

Please click on the link to support my blog