Mobile security firm Skycure has claimed that a new Android malware can allow malicious apps to access all text-based data on a device without requiring permission from the user.
The research firm has further claimed that the latest Android malware family dubbed “Accessibility Clickjacking” impacts almost all Android versions except the last two versions – Android 5.0 Lollipop and Android 6.0 Marshmallow. It adds that Accessibility Clickjacking affects almost 65 percent of all Android devices “at this point” which turns out to be over 500 million Android devices. The research firm says that the malware family affects Android devices running Gingerbread, Ice Cream Sandwich, Jelly Bean, and KitKat OS versions.
Skycure’s Yair Amit explains in a blog that the malware can access personal information including emails without the consent of the user. He adds, “Clickjacking is a term for a malicious UI redressing technique that tricks a victim into clicking on an element that is different than the one the victim believes to be clicking on. This technique, which relied on the ability of malicious websites to load a seemingly benign webpage with an invisible overlay from another service (attacked service), used to be a major concern in the Web-application security world and yielded a variety of attacks against important services or frameworks, such as Facebook, Twitter and Flash.”
The security firm pointed out that the Accessibility Clickjacking malware is not just a theoretical threat, and that last month a ransomware named Android.Lockdroid.E that was found by Symantec used the malware to gain admin rights. Amit suggests that once accessibility has been enabled on the targeted device, the attacker can even change admin permissions.
Skycure has also demonstrated the malware workflow by using a rat-hitting game. While the user gets an impression that they are playing the game, the malware in the background gets the accessibility via user’s consent.
“What actually happens in the background might come as a surprise to the victim – his/her clicks are actually propagated to an underlying and invisible layer of the operating system – the Accessibility approval dialog. Completing the game means that the victim unknowingly approved Accessibility permissions for the “benign game,” adds Amit. The mobile security firm, apart from recommending users install the Skycure App, tells users to get onto the latest version of Android; not to click on dialogue boxes; not to use third-party app stores, and verify app permissions.