Skip to main content
  1. Home
  2. Mobile
  3. News

Researchers discover new class of Android malware that hides its tracks

By

android cloak dagger malware phone
ymgerman/123RF
A common permission in many apps downloaded from the Google Play Store could make it relatively easy for a malicious developer to gain complete control over your device. That’s according to researchers at the University of California and the Georgia Institute of Technology, who discovered the new type of attack and have already shared their findings with Google.

They’re calling it “Cloak and Dagger,” and it relies on the ability of apps to draw UI elements over the screen as a way of concealing from the user exactly what is being shown. In the example given, several prompts are displayed when a malicious app is opened. The user thinks they’re interacting with the app, but they’re actually enabling an accessibility service that can be used to log keystrokes, including passwords.

Recommended Videos

Then, the real magic happens. Here, the user is made to watch a video — all the while, in the background, the malware is flipping switches to grant itself a variety of other permissions, including the ability to read location, text messages, and storage.

Cloak & Dagger: Clickjacking + Silent God-mode App Install

Ironically, all apps downloaded through Google’s storefront can enable the two permissions necessary for the attack without the user’s knowledge. In other words, it’s on Google to detect the scheme before the app hits the Play Store. If it slips through, as some do from time to time, the only way the user could stop it is by digging into the apps menu and checking permissions granted.

One of the most dangerous aspects of the Cloak and Dagger scheme is that researchers say it can be used to record your PIN code to discreetly unlock your device and perform actions — without ever turning the screen on.

According to the researchers, the latest version of Android, release 7.1.2, modifies the way permissions are handled in a way that makes it slightly harder to carry out an attack like this one. However, it doesn’t fully solve the issue.

Google has since responded to the news, stating to Engadget that it has updated Google Play Protect, its security software on most Android devices, to detect the presence of harmful apps that abuse these permissions. The company also reports that changes it made in Android O will “further strengthen” the platform against Cloak and Dagger attacks.

Editors' Recommendations

Topics
Adam Ismail
Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
Ring allows undisclosed third parties to track you through its Android app
ring video doorbells free amazon echo show 5 doorbell pro

Amazon Ring’s Android app has been found to allow third-party trackers access to your data like your name, IP address, mobile network carrier, and more. 

The Electronic Frontier Foundation (EFF) published a report on Monday, January 27, about an investigation into Ring’s Android app. The investigation found analytics and marketing companies not mentioned in Ring’s privacy notice have access to your data directly through the Ring app.

Read more
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more
Motorola is selling unlocked smartphones for just $150 today
Someone holding the Moto G Stylus 5G (2024).

Have you been looking for phone deals but don’t want to spend a ton of money on flagship devices from Apple and Samsung? Have you ever considered investing in an unlocked Motorola? For a limited time, the company is offering a $100 markdown on the Motorola Moto G 5G. It can be yours for just $150, and your days and nights of phone-shopping will finally be over!

Why you should buy the Motorola Moto G 5G
Powered by the Snapdragon 480+ 5G CPU and 4GB of RAM, the Moto G delivers exceptional performance across the board. From UI navigation to apps, games, and camera functions, you can expect fast load times, next to no buffering, and smooth animations. You’ll also get up to 128GB of internal storage that you’ll be able to use for photos, videos, music, and any other mobile content you can store locally. 

Read more