Skip to main content

Researchers discover new class of Android malware that hides its tracks

android cloak dagger malware phone
ymgerman/123RF
A common permission in many apps downloaded from the Google Play Store could make it relatively easy for a malicious developer to gain complete control over your device. That’s according to researchers at the University of California and the Georgia Institute of Technology, who discovered the new type of attack and have already shared their findings with Google.

They’re calling it “Cloak and Dagger,” and it relies on the ability of apps to draw UI elements over the screen as a way of concealing from the user exactly what is being shown. In the example given, several prompts are displayed when a malicious app is opened. The user thinks they’re interacting with the app, but they’re actually enabling an accessibility service that can be used to log keystrokes, including passwords.

Then, the real magic happens. Here, the user is made to watch a video — all the while, in the background, the malware is flipping switches to grant itself a variety of other permissions, including the ability to read location, text messages, and storage.

Cloak & Dagger: Clickjacking + Silent God-mode App Install

Ironically, all apps downloaded through Google’s storefront can enable the two permissions necessary for the attack without the user’s knowledge. In other words, it’s on Google to detect the scheme before the app hits the Play Store. If it slips through, as some do from time to time, the only way the user could stop it is by digging into the apps menu and checking permissions granted.

One of the most dangerous aspects of the Cloak and Dagger scheme is that researchers say it can be used to record your PIN code to discreetly unlock your device and perform actions — without ever turning the screen on.

According to the researchers, the latest version of Android, release 7.1.2, modifies the way permissions are handled in a way that makes it slightly harder to carry out an attack like this one. However, it doesn’t fully solve the issue.

Google has since responded to the news, stating to Engadget that it has updated Google Play Protect, its security software on most Android devices, to detect the presence of harmful apps that abuse these permissions. The company also reports that changes it made in Android O will “further strengthen” the platform against Cloak and Dagger attacks.

Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
This company just announced lots of new Android phones, and they look great
Renders of the ZTE Nubia Music.

ZTE has unveiled a bunch of new Nubia smartphones at Mobile World Congress (MWC) 2024, which is being held in Barcelona, Spain. These devices are intended to be distributed in Europe, Latin America, Southeast Asia, the Middle East, and Africa. Each smartphone is designed to cater to a different type of consumer, including ZTE's first flip smartphone.

Although we may not see these devices in the U.S. any time soon, it is an interesting look at what other companies across the water are doing in the Android landscape — and potentially a sign of what other manufacturers may be up to in the future. Let's dig in.
Nubia Focus 5G Pro and Nubia 5G Series

Read more
Google just announced 8 big Android updates. Here’s what’s new
A photo of many Android figurines on a white wall.

At Moblie World Congress (MWC ) 2024, Google is bringing a healthy bunch of new features to Android. In line with the AI push all across the industry, some notable AI-driven enhancements are on the table. There are also a handful of core Android features that sound practically amazing.
The first in line is Gemini. The generative AI chatbot recently got a standalone app for Android, and now it’s headed for the Google Messages app. Users can chat with Gemini directly in the messaging app and use its generative capabilities for a host of things, like drafting replies, refining a message, and more.

Another feature that was showcased a while ago is finally ready for prime time. Android Auto is gaining support for message summarization for standalone texts and group chats, and it can also suggest replies. With a single tap, users will also be able to drop a message, start a call, and share an estimated arrival time. The idea is to deploy AI for crucial tasks so that it can minimize distractions while driving.
Lookout, an accessibility-centric feature for users with vision challenges, is also getting meaningful AI love. On Android phones, Lookout will now read AI-generated captions and descriptions for media content. For now, the AI boost to Lookout and Messages is limited to the English language.

Read more
Google is launching a powerful new AI app for your Android phone
Google Gemini app on Android.

Remember Bard, Google’s answer to ChatGPT? Well, it is now officially called Gemini. Also, all those fancy AI features that previously went by the name Duet AI have been folded under the Gemini branding. In case you haven’t been following up all the AI development flood, the name is derived from the multi-modal large language model of the same name.

To go with the renaming efforts, Google has launched a standalone Gemini app on Android. Moreover, the Gemini experience is also being made available to iPhone users within the Google app on iOS. But wait, there’s more.

Read more