Skip to main content

New Malware, Accessibility Clickjacking, affects 65% of Android devices

google android one u s stock phone smartphone
Image used with permission by copyright holder
In our mobile-first digital age, we operate under the assumption that our smartphones are safe — the alternative is simply too terrifying to consider, especially considering the vast amount of information and personal data contained on these devices. But the time for ignorance has long since passed, and at the RSA conference in San Francisco this past week, mobile security company Skycure co-founders Adi Sharabani and Yair Amit revealed that a new kind of malware puts a stunning 500,000,000 Android phones at risk. That’s the equivalent of 65 percent of Android devices on the market today.

The issue of malware on Android devices is nothing new, but this latest form may be the most insidious. Known as “accessibility clickjacking,” it effectively cedes control of your phone to a malicious hacker.

As Skycure explains, “Clickjacking is a term for a malicious UI redressing technique that tricks a victim into clicking on an element that is different than the one the victim believes to be clicking on.” In essence, “malicious websites” appear with what seem to be harmless webpages, but these sites are in fact overlayed with another attacked service. And Skycure notes, “Clickjacking is not a theoretical threat — just a month ago, a ransomware named Android.Lockdroid.E that utilized Android Clickjacking to gain Admin rights was found by Symantec.”

So just what is the extent of the damage made possible by way of this new malware? Experts claim that clickjacking could give hackers access to “all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system, without the victim’s consent.” This includes emails, text messages, messaging app data, information from CRM apps, and much more.

The worst part, perhaps, is the sheer number of users who may be susceptible to this sort of attack. If you’re running anything from Android 2.2 Froyo to Android 4.4 KitKat on your phone, you could fall victim to clickjacking. So upgrade to Lollipop or above ASAP, and protect yourself from the latest in malware.

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Android Auto just got a much-requested new feature
Android Auto in a car.

Android Auto is an excellent platform that helps bridge the gap between a driver's phone and their car's control center, and now it's getting even better.

The latest update for the Android Auto beta adds an exciting amount of customization to the interface's widgets. Now, instead of the usual fixed layout that users have grown accustomed to, the widgets are interchangeable and able to be customized to best accommodate a driver's needs.

Read more
Google just announced 9 new features for your Android phone and watch
Samsung Galaxy S23 showing Google Photos

Google has announced some big new features coming to Android and Wear OS devices during the Mobile World Congress 2023 event in Barcelona, Spain. These new features are beginning to roll out starting today, February 27, with others to come later.
New Android features available starting February 27

Google Drive users will now be able to do freehand annotation on Android phones and tablets. This means you are now able to use a stylus or your fingers to annotate PDFs directly in the Google Drive app on Android.

Read more
These 80+ apps could be running adware on your iPhone or Android device
Illustration of an infected iPhone

Cybersecurity company Human has uncovered another adware campaign engaging in ad fraud that is targeting iOS and Android devices. In the simplest terms, ad fraud allows a bad actor to either visibly spam an app with ads, or to manipulate the code in such a way that the ads are invisible to the user while the bad actor extracts advertising money from a marketer.

In each iteration, it’s fraudulent. Ad fraud has been widespread in the industry for a while, and the latest investigation uncovered a cache of over 75 Android apps listed in the Google Play Store and nearly a dozen apps on Apple’s App Store that are engaged in various forms of ad fraud.

Read more