There’s a new form of malware attack going by the name of Cloak and Dagger.
Oftentimes when speaking of new malware, we’re speaking of specific attacks. This time it’s not a version, but a type. The type, discovered by researchers at UC Santa Barbara and Georgia Tech, is called “Cloak and Dagger” because the attacks are taking place undercover without the user’s knowledge.
These attacks use two Android permissions. The first, “System Alert Window,” allows apps to draw on top of other apps; it is a permission which the Google OS automatically grants to apps. With this permission, malware can overlay harmless-looking screens on a device, tricking the user into clicking on items underneath that aren’t so harmless. The second, “Bind Accessibility Service,” allows these attacks to take place while the screen remains turned off. Among the functions the accessibility permission allows: injecting events, unlocking the phone, and interacting with any other app, all while the screen remains off. Any number of malware attacks can use these Android features to operate without the user ever knowing.
Google is already working on fixing the issue. A spokesman states, “We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward.”
Oftentimes when news of malware attacks breaks, we advise users to be wary of the permissions which apps are requesting. In this case, these are permissions we may not have the opportunity to grant or deny. As always, be sure of which apps you are downloading. Make sure each one is from a trusted developer, and read the reviews from other users. If an app does not actually provide the functionality as advertised, you will most certainly see reviews stating this fact.