
Researchers discover new class of Android malware that hides its tracks

A common permission in many apps downloaded from the Google Play Store could make it relatively easy for a malicious developer to gain complete control over your device. That’s according to researchers at the University of California and the Georgia Institute of Technology, who discovered the new type of attack and have already shared their findings with Google.

They’re calling it “Cloak and Dagger,” and it relies on the ability of apps to draw UI elements over the screen as a way of concealing from the user exactly what is being shown. In the example given, several prompts are displayed when a malicious app is opened. The user thinks they’re interacting with the app, but they’re actually enabling an accessibility service that can be used to log keystrokes, including passwords.

Then, the real magic happens. Here, the user is made to watch a video — all the while, in the background, the malware is flipping switches to grant itself a variety of other permissions, including the ability to read location, text messages, and storage.

[Video: Cloak & Dagger: Clickjacking + Silent God-mode App Install]

Ironically, all apps downloaded through Google’s storefront can enable the two permissions necessary for the attack without the user’s knowledge. In other words, it’s on Google to detect the scheme before the app hits the Play Store. If it slips through, as some do from time to time, the only way the user could stop it is by digging into the apps menu and checking permissions granted.
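The following is an added example, not code from the article or the researchers: a triage check that flags decoded AndroidManifest.xml files declaring both capabilities the attack combines, screen overlays and an accessibility service. The article does not name the two permissions; the check assumes they are Android's `SYSTEM_ALERT_WINDOW` and `BIND_ACCESSIBILITY_SERVICE`, and the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def audit_manifest(manifest_xml):
    """Report overlay and accessibility-service declarations in one manifest."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    # Permissions can be requested with either element name.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(A + "name") for e in root.iter(tag))
    services = []
    for svc in root.iter("service"):
        actions = {a.get(A + "name") for a in svc.iter("action")}
        # An accessibility service is guarded by the bind permission and
        # answers the AccessibilityService intent action.
        if svc.get(A + "permission") == A11Y_BIND and A11Y_ACTION in actions:
            services.append(svc.get(A + "name"))
    overlay = OVERLAY in requested
    return {"package": root.get("package"), "overlay": overlay,
            "accessibility_services": services,
            "review": overlay and bool(services)}

def manifest(package, perms=(), a11y_service=None, tag="uses-permission"):
    """Build a constructed sample manifest (hypothetical apps, not real ones)."""
    body = "".join('<%s android:name="%s"/>' % (tag, p) for p in perms)
    if a11y_service:
        body += ('<application><service android:name="%s" android:permission="%s">'
                 '<intent-filter><action android:name="%s"/></intent-filter>'
                 '</service></application>' % (a11y_service, A11Y_BIND, A11Y_ACTION))
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="%s">%s</manifest>' % (package, body))

SAMPLES = [
    manifest("com.example.videoplayer", [OVERLAY], ".HelperService"),
    manifest("com.example.chatheads", [OVERLAY]),        # overlay only
    manifest("com.example.screenreader", [], ".ReaderService"),  # a11y only
    manifest("com.example.legacy", [OVERLAY], ".Svc", tag="uses-permission-sdk-23"),
]

def packages_to_review(manifests):
    """Return packages that declare both the overlay and an a11y service."""
    return [r["package"] for r in map(audit_manifest, manifests) if r["review"]]

if __name__ == "__main__":
    for m in SAMPLES:
        print(audit_manifest(m))
```

A flagged package is a candidate for manual review, not a verdict: legitimate apps can declare both capabilities.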

One of the most dangerous aspects of the Cloak and Dagger scheme is that researchers say it can be used to record your PIN code to discreetly unlock your device and perform actions — without ever turning the screen on.

According to the researchers, the latest version of Android, release 7.1.2, modifies the way permissions are handled in a way that makes it slightly harder to carry out an attack like this one. However, it doesn’t fully solve the issue.

Google has since responded to the news, stating to Engadget that it has updated Google Play Protect, its security software on most Android devices, to detect the presence of harmful apps that abuse these permissions. The company also reports that changes it made in Android O will “further strengthen” the platform against Cloak and Dagger attacks.

Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…