The issue of malware on Android devices is nothing new, but this latest form may be the most insidious. Known as “accessibility clickjacking,” it effectively cedes control of your phone to a malicious hacker.
As Skycure explains, “Clickjacking is a term for a malicious UI redressing technique that tricks a victim into clicking on an element that is different than the one the victim believes to be clicking on.” In essence, “malicious websites” appear with what seem to be harmless webpages, but these sites are in fact overlayed with another attacked service. And Skycure notes, “Clickjacking is not a theoretical threat — just a month ago, a ransomware named Android.Lockdroid.E that utilized Android Clickjacking to gain Admin rights was found by Symantec.”
So just what is the extent of the damage made possible by way of this new malware? Experts claim that clickjacking could give hackers access to “all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system, without the victim’s consent.” This includes emails, text messages, messaging app data, information from CRM apps, and much more.
The worst part, perhaps, is the sheer number of users who may be susceptible to this sort of attack. If you’re running anything from Android 2.2 Froyo to Android 4.4 KitKat on your phone, you could fall victim to clickjacking. So upgrade to Lollipop or above ASAP, and protect yourself from the latest in malware.