‘Accessibility Clickjacking’ Malware Puts 500 million Android users at risk: Report


Around half a billion Android devices are at risk, so Android users have reason to be worried. Mobile security firm Skycure has found a new Android malware that allows malicious apps to access all text-based data on an Android device without any permission from the user. This new malware is called ‘Accessibility Clickjacking’.


Clickjacking tricks victims into clicking on an element that is not actually visible while something else appears on the screen. Users never know what they are actually clicking; in reality, they are clicking a permission button.

Skycure co-founders Adi Sharabani and Yair Amit demonstrated this vulnerability at the RSA Conference in San Francisco.

The trick is done by overlaying a legitimate-looking action button on top of the permission button. Clicking on it allows the malicious app to access the phone’s data, and you would never know it happened. Watch the video below.

This malware can monitor all of the user's activity and allow an attacker to read and compose documents or emails. An attacker can also wipe the device remotely.

Accessibility APIs were introduced in Android 1.6 and enhanced in Android 4.0. These APIs allow Accessibility Services to access the contents of the interfaces that a user interacts with. By using Accessibility Clickjacking, a malicious application can access all sensitive text-based information on an infected Android device. It is worth mentioning that later versions of Android, 5.0 and higher, are safe, as these versions do not allow other apps to draw over critical system popups.

Then what is the risk?

See the graph below, which shows the latest data on the relative number of devices running each version of the Android platform. The data suggests that only around 35% of devices run Android Lollipop and only 2.3% run Android Marshmallow. From this, you can estimate how many devices are at risk.

Android version

Over 500 million Android devices are at risk. Looked at more broadly, more than half of all Android devices are at risk, and that is serious.

Android antivirus companies have now started selling their antivirus software by claiming protection against this new malware. But the problem remains with users who install apps from unknown sources.

Google knew that the Android platform’s ‘Accessibility settings’ could be exploited, but the feature exists because it offers users something they want. This is why Google tried to add an extra layer of security, Google Play services. If users do not install apps from unknown sources, they are almost safe (excluding a few exceptional cases). Google also scans app code for malicious code, so most malicious apps cannot make their way into the app store.
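The risk factors described above (an Android version below 5.0, apps from unknown sources, and an accessibility service the user never meant to enable) can be checked across a device fleet. The Python script below is an added example, not code from Skycure or the original article: it triages a constructed inventory, parsing the value of the Android secure setting `enabled_accessibility_services`. The record field names, the allowlist and the sample devices are assumptions.

```python
# Added example: triage a device inventory for Accessibility Clickjacking exposure.
LOLLIPOP_API = 21  # API level of Android 5.0, the first release the article calls safe

# Assumption: accessibility services this organisation expects (constructed allowlist).
ALLOWED_SERVICES = {"com.google.android.marvin.talkback"}


def parse_services(raw):
    """Return package names from the colon-separated 'package/class' list
    held in the secure setting enabled_accessibility_services."""
    if not raw or raw.strip() == "null":
        return []
    packages = (entry.split("/", 1)[0].strip() for entry in raw.split(":"))
    return [p for p in packages if p]


def assess(device):
    """Classify one inventory record; the field names are hypothetical."""
    exposed_os = device["sdk"] < LOLLIPOP_API
    unexpected = sorted(
        set(parse_services(device.get("enabled_accessibility_services")))
        - ALLOWED_SERVICES
    )
    if exposed_os and unexpected:
        level = "investigate"  # pre-5.0 OS and an unvetted service is already enabled
    elif exposed_os and device.get("unknown_sources"):
        level = "high"         # pre-5.0 OS and sideloading is allowed
    elif exposed_os:
        level = "exposed"      # pre-5.0 OS, no other risk factor seen
    elif unexpected:
        level = "review"       # 5.0+, but an unvetted service can still read screen text
    else:
        level = "ok"
    return {"id": device["id"], "level": level, "unexpected_services": unexpected}


# Constructed sample inventory (not real devices).
INVENTORY = [
    {"id": "dev-01", "sdk": 19, "unknown_sources": True,
     "enabled_accessibility_services":
         "com.example.flashlight/.HelperService:com.google.android.marvin.talkback/.TalkBackService"},
    {"id": "dev-02", "sdk": 19, "unknown_sources": True, "enabled_accessibility_services": "null"},
    {"id": "dev-03", "sdk": 16, "unknown_sources": False, "enabled_accessibility_services": ""},
    {"id": "dev-04", "sdk": 23, "unknown_sources": False,
     "enabled_accessibility_services": "com.example.reader/com.example.reader.A11y"},
    {"id": "dev-05", "sdk": 22, "unknown_sources": False, "enabled_accessibility_services": None},
]

if __name__ == "__main__":
    for record in INVENTORY:
        print(assess(record))
```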

SOURCE: Skycure
