Android users, it's time to patch your devices!

Running a Version Older than Android Oreo 8.0?

Android "overlay" technique could grant unauthorized access to the device

Researchers have recently identified a vulnerability that, unfortunately, affects all Android versions except the latest, Oreo 8. They found that malware developers could gain control over the device with a new “toast overlay” attack.[1]

Palo Alto experts say that by overlaying system apps, cyber villains could corrupt the device. In short, such a vulnerability could grant a virus administrative rights, especially with Device Administrator being introduced in recent versions.

Regarding the issue, several new types of Android malware are already roaming the web: com.google.provision, com.android.gesture.builder, com.android.system.ui, etc., which tend to plague Android OS with malicious applications. Unfortunately, this type of scam is immune to a settings restore. Naturally, one thought could now occupy your mind: how can you escape the attack?

What’s this “Toast Overlay” Attack?

On Android, “Toast” functions as a pop-up message which informs you of saved settings or another recently committed action and then vanishes after a couple of seconds.

Thus, the vulnerability, which is tracked as CVE-2017-0752, allows a malicious program to “overlay” regular programs. The most negative aspect is that this technique does not require the user's permission for a fraudulent program to activate. Thus, while it may seem that legitimate apps are running, fraudulent software might in fact be misbehaving on the phone.

A malicious app seeks to access Device Administrator rights. As a result, it might invite more questionable applications. Unfortunately, though there are multiple cases of such Android malware (a few samples are discussed above), a virtual infection which uses the “overlay” attack behaves much more insidiously.

What is more, restoring the factory settings might turn out futile as well. Most likely, the malware will disclose its presence by draining mobile CPU speed and stuffing the mobile with several unknown apps.

Unfortunately, besides this technique, Android devices remain much more vulnerable to assault, as fraudsters have found a way to foist their malware via Google Play. Recently, Google removed 300 apps which were hijacked to conduct DDoS attacks[2]. Another discovery revealed more than 6000 apps[3] which “made” users watch videos and ads without their consent.

Dealing with Malware

Elaborating on the first technique, Google has issued a patch for all users who have older Android versions. Given the tendency among crooks to plague the Google app store with malevolent apps, detecting one might not be an easy task. Therefore, you may find the following advice quite useful:

  • install system updates right when they become available
  • install and keep updated a security application
  • think twice whether one or another app is necessary before downloading it
  • check what information apps have access to
About the author
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.
