500 Million Android Devices Affected by 'Accessibility Clickjacking' Malware: Report

Advertisement
By Ketan Pratap | Updated: 7 March 2016 16:48 IST
500 Million Android Devices Affected by 'Accessibility Clickjacking' Malware: Report
Mobile security firm Skycure has claimed that a new Android malware can allow malicious apps to access all text-based data on a device without requiring permission from the user.

The research firm has further claimed that the latest Android malware family dubbed "Accessibility Clickjacking" impacts almost all Android versions except the last two versions - Android 5.0 Lollipop and Android 6.0 Marshmallow. It adds that Accessibility Clickjacking affects almost 65 percent of all Android devices "at this point" which turns out to be over 500 million Android devices. The research firm says that the malware family affects Android devices running Gingerbread, Ice Cream Sandwich, Jelly Bean, and KitKat OS versions.

Skycure's Yair Amit explains in a blog that the malware can access personal information including emails without the consent of the user. He adds, "Clickjacking is a term for a malicious UI redressing technique that tricks a victim into clicking on an element that is different than the one the victim believes to be clicking on. This technique, which relied on the ability of malicious websites to load a seemingly benign webpage with an invisible overlay from another service (attacked service), used to be a major concern in the Web-application security world and yielded a variety of attacks against important services or frameworks, such as Facebook, Twitter and Flash."

The security firm pointed out that the Accessibility Clickjacking malware is not just a theoretical threat, and that last month a ransomware named Android.Lockdroid.E that was found by Symantec used the malware to gain admin rights. Amit suggests that once accessibility has been enabled on the targeted device, the attacker can even change admin permissions.

Skycure has also demonstrated the malware workflow by using a rat-hitting game. While the user gets an impression that they are playing the game, the malware in the background gets the accessibility via user's consent.

Advertisement

"What actually happens in the background might come as a surprise to the victim - his/her clicks are actually propagated to an underlying and invisible layer of the operating system - the Accessibility approval dialog. Completing the game means that the victim unknowingly approved Accessibility permissions for the "benign game," adds Amit. The mobile security firm, apart from recommending users install the Skycure App, tells users to get onto the latest version of Android; not to click on dialogue boxes; not to use third-party app stores, and verify app permissions.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Android Malware, Google, Skycure
Advertisement

Related Stories

Popular Mobile Brands
  1. Poco F7 5G to Be Equipped With a Snapdragon 8s Gen 4 SoC
  2. Oppo Reno 14 5G Series Teased to Launch in India Soon
  3. Samsung Galaxy M36 5G India Launch Date and Key Features Revealed
  4. Realme 15 Series Said to Launch in July; Lite Variant Leaked Online
  5. Samsung Galaxy Z Fold 7, Z Flip 7 Launch Date Leaked Online
  6. BSNL Announces Name of Its 5G Service in India
  1. Nothing Phone 3 to Feature New Glyph Matrix LED Interface on the Rear Panel
  2. Capcom Spotlight Livestream Announced for Next Week; Will Feature Updates on Resident Evil: Requiem, Pragmata
  3. OnePlus Gaming Phone With Flagship Features, Shoulder Triggers Said to Be in Development
  4. Honor Magic V5 Set to Launch on July 2, Design Officially Teased
  5. Samsung Galaxy M36 5G India Launch Date Set for June 27; Colours, Key Features Revealed
  6. Realme 15 Series Launch Timeline Leaked; Lite Variant Surfaces Online
  7. Oppo Reno 14 5G Series India Launch Confirmed: Expected Price, Specifications
  8. Google Messages Widely Rolling Out Snooze Notifications and Delete for Everyone Features
  9. OnePlus Bullets Wireless Z3 With 12.4mm Drivers, Up to 36 Hours of Battery Life Launched in India
  10. Microsoft Planning Thousands More Job Cuts Aimed at Salespeople
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.