New day, new trouble for Android users: analysts say they have found an entirely new class of Android malware, which they call “Cloak and Dagger”. As the name suggests, these attacks are stealthy: they operate quietly, so the user gets no clue that anything is happening.
Trouble for Android arose when researchers at the University of California, Santa Barbara and the Georgia Institute of Technology discovered this new exploit. Cloak and Dagger targets users through two permissions. The first is System Alert Window, also called ‘draw on top’, which lets applications create overlays, that is, draw on top of other applications and the Android interface. The second is Bind Accessibility Service, known as ‘a11y’, which permits the use of various privileged capabilities on Android meant to help people with disabilities.
Using either or both of these permissions, a malicious app can subject users to clickjacking. The exploit is two-faced: a malicious app shows the user one interface, which actually hides another interface beneath it. For instance, users could be shown a harmless survey while, underneath it, application permissions are toggled without their knowledge.
These two permissions enable a wide range of attacks for scammers. “These assaults permit malicious apps to control the UI input circle and assume control over the gadget – without allowing the client to see the malicious activity,” reads the description of the Cloak and Dagger attacks on a dedicated website. Notably, these attacks affect even the most recent versions of Google’s mobile platform, including Android 7.1.2 Nougat.
Alarmingly, the System Alert Window (‘draw on top’) permission does not have to be explicitly granted by the user when an application is installed via Google Play. Going from bad to worse, once a malicious application with the draw-on-top permission is installed, it can easily trick the user into granting it the Bind Accessibility Service permission. And if you are concerned already, here is the worst part: these vulnerabilities have not been fixed to date.
Although the researchers first contacted Google around 9 months ago and a few vulnerabilities were fixed with updates over the following months, some are still present in the most recent version of the platform, because the features the exploit relies on are also required by a few applications, as pointed out in a report by Android Police.
Overlays can easily become a security risk, which is why an overlay warning was introduced with Android Marshmallow. However, it was not present in Android Nougat, Android Police notes.
Google responded to Cloak and Dagger via Engadget, saying: “We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward.”
However, the problem of malicious apps getting ‘approved’ on Google Play remains an ugly fact.
Hence, until Android O arrives, Android users have little to protect themselves with apart from regular security hygiene, which includes:
- Install apps from trusted sources
- Don’t install random apps
- Keep a close watch on the permissions an app asks for