500 Million Android Devices Affected by 'Accessibility Clickjacking' Malware: Report

Advertisement
By Ketan Pratap | Updated: 7 March 2016 16:48 IST
500 Million Android Devices Affected by 'Accessibility Clickjacking' Malware: Report
Mobile security firm Skycure has claimed that a new Android malware can allow malicious apps to access all text-based data on a device without requiring permission from the user.

The research firm has further claimed that the latest Android malware family dubbed "Accessibility Clickjacking" impacts almost all Android versions except the last two versions - Android 5.0 Lollipop and Android 6.0 Marshmallow. It adds that Accessibility Clickjacking affects almost 65 percent of all Android devices "at this point" which turns out to be over 500 million Android devices. The research firm says that the malware family affects Android devices running Gingerbread, Ice Cream Sandwich, Jelly Bean, and KitKat OS versions.

Skycure's Yair Amit explains in a blog that the malware can access personal information including emails without the consent of the user. He adds, "Clickjacking is a term for a malicious UI redressing technique that tricks a victim into clicking on an element that is different than the one the victim believes to be clicking on. This technique, which relied on the ability of malicious websites to load a seemingly benign webpage with an invisible overlay from another service (attacked service), used to be a major concern in the Web-application security world and yielded a variety of attacks against important services or frameworks, such as Facebook, Twitter and Flash."

The security firm pointed out that the Accessibility Clickjacking malware is not just a theoretical threat, and that last month a ransomware named Android.Lockdroid.E that was found by Symantec used the malware to gain admin rights. Amit suggests that once accessibility has been enabled on the targeted device, the attacker can even change admin permissions.

Skycure has also demonstrated the malware workflow by using a rat-hitting game. While the user gets an impression that they are playing the game, the malware in the background gets the accessibility via user's consent.

Advertisement

"What actually happens in the background might come as a surprise to the victim - his/her clicks are actually propagated to an underlying and invisible layer of the operating system - the Accessibility approval dialog. Completing the game means that the victim unknowingly approved Accessibility permissions for the "benign game," adds Amit. The mobile security firm, apart from recommending users install the Skycure App, tells users to get onto the latest version of Android; not to click on dialogue boxes; not to use third-party app stores, and verify app permissions.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Android, Android Malware, Google, Skycure
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Pad 3 With 12,140mAh Battery Launched in India: Check Features
  2. Our Fault OTT Release Date: When and Where to Watch Final Chapter of Culpables Online?
  3. OTT Releases This Week: Pattth, Stolen, Jaat, Bhool Chuk Maaf, and More
  4. Realme GT 7 and GT 7T Review
  5. Huawei Pura 80 Pro, Pura 80 Pro+ Design Teased; Pre-Reservation Begin
  6. Samsung Galaxy Z Flip FE Price and Storage Options Leaked Again
  7. OnePlus Pad 3 First Impressions
  8. Redmi Pad 2 With 9,000mAh Battery Launched in Global Markets: See Price
  9. Nintendo Switch 2 Debuts With Joy-Con 2 Controllers: Price, Features
  10. OnePlus 13s Review
  1. Samsung Galaxy Z Fold 7 Ultra Isn’t Coming, Galaxy Z Fold 7 to Offer ‘Ultra’ Experience, Tipster Claims
  2. Google Upgrades Gemini 2.5 Pro AI Model With Improved Coding Capabilities
  3. Samsung Galaxy Z Flip FE Price, Storage Options Leaked Again; Here's How Much It Could Cost
  4. WWDC 2025: watchOS 26 to Reportedly Get Support for Third-Party Control Centre Widgets
  5. Snapchat Launches Apple Watch App With Scribble, Dictation Support; Lens Studio Now on iOS
  6. Hugging Face Releases SmolVLA Open Source AI Model For Robotics Workflows
  7. Redmi Pad 2 With 9,000mAh Battery, MediaTek Helio G100 Ultra Chip Launched: Price, Specifications
  8. Alphabet CEO Expects to Keep Hiring Engineers as AI Advances
  9. Amazon Said to Be Preparing to Test Humanoid Robots for Deliveries
  10. Google Doubles Gemini 2.5 Pro Rate Limit for Google AI Pro Subscribers
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.