In our mobile-first digital age, we operate under the assumption that our smartphones are safe — the alternative is simply too terrifying to consider, especially considering the vast amount of information and personal data contained on these devices. But the time for ignorance has long since passed, and at the RSA conference in San Francisco this past week, mobile security company Skycure co-founders Adi Sharabani and Yair Amit revealed that a new kind of malware puts a stunning 500,000,000 Android phones at risk. That’s the equivalent of 65 percent of Android devices on the market today.
The issue of malware on Android devices is nothing new, but this latest form may be the most insidious. Known as “accessibility clickjacking,” it effectively cedes control of your phone to a malicious hacker.
As Skycure explains, “Clickjacking is a term for a malicious UI redressing technique that tricks a victim into clicking on an element that is different than the one the victim believes to be clicking on.” In essence, “malicious websites” appear with what seem to be harmless webpages, but these sites are in fact overlayed with another attacked service. And Skycure notes, “Clickjacking is not a theoretical threat — just a month ago, a ransomware named Android.Lockdroid.E that utilized Android Clickjacking to gain Admin rights was found by Symantec.”
So just what is the extent of the damage made possible by way of this new malware? Experts claim that clickjacking could give hackers access to “all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system, without the victim’s consent.” This includes emails, text messages, messaging app data, information from CRM apps, and much more.
The worst part, perhaps, is the sheer number of users who may be susceptible to this sort of attack. If you’re running anything from Android 2.2 Froyo to Android 4.4 KitKat on your phone, you could fall victim to clickjacking. So upgrade to Lollipop or above ASAP, and protect yourself from the latest in malware.