Researchers discover new class of Android malware that hides its tracks

A common permission in many apps downloaded from the Google Play Store could make it relatively easy for a malicious developer to gain complete control over your device. That’s according to researchers at the University of California and the Georgia Institute of Technology, who discovered the new type of attack and have already shared their findings with Google.

They’re calling it “Cloak and Dagger,” and it relies on the ability of apps to draw UI elements over the screen as a way of concealing from the user exactly what is being shown. In the example given, several prompts are displayed when a malicious app is opened. The user thinks they’re interacting with the app, but they’re actually enabling an accessibility service that can be used to log keystrokes, including passwords.

Then, the real magic happens. Here, the user is made to watch a video — all the while, in the background, the malware is flipping switches to grant itself a variety of other permissions, including the ability to read location, text messages, and storage.

Cloak & Dagger: Clickjacking + Silent God-mode App Install

Ironically, all apps downloaded through Google’s storefront can enable the two permissions necessary for the attack without the user’s knowledge. In other words, it’s on Google to detect the scheme before the app hits the Play Store. If it slips through, as some do from time to time, the only way the user could stop it is by digging into the apps menu and checking permissions granted.
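For readers who would rather not click through every app's permission screen, the same check can be scripted. The sketch below is an added example, not code from the researchers or from Google: it cross-references the apps allowed to draw over other apps with the apps that have an enabled accessibility service, the combination the attack depends on. The sample package names are constructed, and the `adb` commands named in the comments are an assumption about where the two inputs come from; their availability and output vary by Android version.

```python
import re

# Constructed sample inputs (not from a real device).
# Assumed sources, which vary by Android version:
#   adb shell appops query-op SYSTEM_ALERT_WINDOW allow
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_OVERLAY = """com.example.flashlight
com.example.chatheads
com.example.videoplayer
"""
SAMPLE_A11Y = ("com.example.videoplayer/.HelperService:"
               "com.example.reader/com.example.reader.TalkService")

# A dotted Android package name with no spaces.
_PKG = re.compile(r"^[A-Za-z]\w*(\.\w+)+$")


def overlay_packages(text):
    """Package names, one per line; status lines with spaces are skipped."""
    return {ln.strip() for ln in text.splitlines() if _PKG.match(ln.strip())}


def accessibility_packages(setting):
    """Packages from a colon-separated list of 'package/ServiceClass' entries."""
    setting = setting.strip()
    if setting in ("", "null"):  # nothing enabled
        return set()
    pkgs = set()
    for component in setting.split(":"):
        pkg = component.split("/", 1)[0].strip()
        if _PKG.match(pkg):
            pkgs.add(pkg)
    return pkgs


def both_capabilities(overlay_text, a11y_setting):
    """Apps that can draw over other apps AND run an accessibility service."""
    return sorted(overlay_packages(overlay_text)
                  & accessibility_packages(a11y_setting))


if __name__ == "__main__":
    for pkg in both_capabilities(SAMPLE_OVERLAY, SAMPLE_A11Y):
        print("review:", pkg)
```

An app appearing in the result is not necessarily malicious, since some legitimate apps use both features, but it is the short list worth reviewing by hand.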

One of the most dangerous aspects of the Cloak and Dagger scheme is that researchers say it can be used to record your PIN code to discreetly unlock your device and perform actions — without ever turning the screen on.

According to the researchers, the latest version of Android, release 7.1.2, modifies the way permissions are handled in a way that makes it slightly harder to carry out an attack like this one. However, it doesn’t fully solve the issue.

Google has since responded to the news, stating to Engadget that it has updated Google Play Protect, its security software on most Android devices, to detect the presence of harmful apps that abuse these permissions. The company also reports that changes it made in Android O will “further strengthen” the platform against Cloak and Dagger attacks.

Adam Ismail
Former Digital Trends Contributor