The threat of malware on Android devices is nothing new or revolutionary. But the latest malware found could have the biggest impact. The malware is being dubbed as “accessibility clickjacking” and 500 million Android devices are at risk. It’s ok… take a second to read that again. That means 65% of Android devices are vulnerable.
Clickjacking is a technique attackers use to trick users into clicking on an element that is different than the one they are intending to click. It relies on the attacker’s capability to load a neutral webpage with an invisible overlay with the malicious content. Web browsers have mitigated against this type of attack, but it turns out Android is still vulnerable.
Recently, Symantec discovered a ransomware – Android.Lockdroid.E – that used the clickjacking technique to get admin rights for the device.
For more technical details and a video demonstrating the attack, check out the blog published by Skycure.
Skycure explains, “Accessibility Clickjacking can allow malicious applications to access all text-based sensitive information on an infected device, as well as take automated actions via other apps or the operating system, without the victim’s consent. This would include all personal and work emails, SMS messages, data from messaging apps, sensitive data on business applications such as CRM software, marketing automation software and more.”
With the widespread range of vulnerable devices, the impact of this type of attack is pretty high. Any organization that has employees using Android devices to access work information or emails should take note.
Users of Android devices can take the following steps to be better protected against this malware:
Update: Update the operating system to the latest version. The clickjacking attack affects devices running anything from Android 2.2 Froyo to Android 4.4 KitKat. Update to Android 5.0 Lollipop or above is you haven’t already.
Third-Party Apps: Try to stay away from downloading apps from third-party app stores. To help, turn off the setting that allows third-party app installs:
- Open “Settings” app
- Find “Security” settings
- Uncheck “Unknown sources”
Accessibility Permissions: Double check the apps you have installed that use accessibility permissions on the device. If you don’t need that functionality, turn it off:
- Open “Settings” app
- Find “Accessibility” settings
- Make sure there is no group named “Services”
- Or… make sure the group has no enabled entries