Dangerous 'Accessibility Malware' puts 500 million Android devices at risk

Mumbai: A recent report by a global mobile threat security firm has revealed that the inception of an advanced mobile malware has impacted more than half a billion Android devices globally.

US-based Skycure made fresh revelations about an evolutionary mobile malware, dubbed "Accessibility Clickjacking", at the 25th annual RSA conference—the world’s biggest cyber-security event—that ended on March 4.

The company pointed out that this modern mobile malware has the capability to evade scanner detection, which is based on signatures, static and dynamic analysis approaches.

Highlighting the salient traits of "Accessibility Clickjacking" malware, the research pointed out that it can "circumvent numerous security apps", hence compromising all significant data stored in a victim’s device.

The firm’s research uncovered that the fresh malware can monitor a victim’s activity in real-time, allowing attackers to read emails, possibly compose corporate emails and documents via the victim’s device, as well as elevate their permissions to remotely encrypt or wipe the device.

According to Skycure, Clickjacking is a malicious UI redressing technique that tricks a victim into clicking on an element that is totally different from the one he or she believes to be clicking on.

“While a variety of capabilities have been implemented into web browsers and web servers in order to mitigate the risk of clickjacking, mobile still remains vulnerable and it turns out that Android is susceptible to a similar kind of a threat,” said the company in a recently published blog.

Malicious apps and games

Android smartphone users should be careful while playing games or running any application, as hackers can create simple "benign" games that can automatically trigger "Accessibility Clickjacking" in the background without the victim’s knowledge.

Here is a Skycure video demonstration of "Accessibility Clickjacking" attack flow:

Skycure said, "Accessibility Clickjacking can allow malicious applications to access all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system, without the victim’s consent."

As mentioned earlier, the malicious apps includes emails, text messages, data from messaging apps, and important business applications such as CRM software, marketing automation software and more.

In such a scenario, Android users should be careful about the applications and games they download in the first place.

The Next Level

Once accessibility has been enabled on the device, the attackers have the power to change admin passwords, without the victim’s knowledge.

Here is another Skycure video demonstration, which shows how the attackers change, remove, and wipe out any passwords without leaving any footprint:

There is no reason to worry for smartphone users with the latest Lollipop and Marshmallow platforms, however, the malware accounts for about 65 per cent of all devices running on old Android operating systems.

Skycure’s findings pointed out that anything between Android 2.2 Froyo to Android 4.4 Kitkat are most likely to get affected be Clickjacking.