vlog

NOWCAST vlog News at 7am Sunday Morning
Watch on Demand
Advertisement

Malware that steals PIN numbers, passwords targets Android users

Cloak and Dagger can operate without the knowledge of Android owners
Abigail Elise
National Curator
Malware that steals PIN numbers, passwords targets Android users

Cloak and Dagger can operate without the knowledge of Android owners

Advertisement
Malware that steals PIN numbers, passwords targets Android users

Cloak and Dagger can operate without the knowledge of Android owners
Abigail Elise
National Curator
A new type of Android malware allows hackers to control devices, record keystrokes and install software - all without alerting smartphone owners. Dubbed Cloak and Dagger, the attack infiltrates the Google-developed operating system with just two user permissions - System Alert Window (draw on top) and Bind Accessibility Service (a11y). Once installed, Cloak and Dagger can steal PIN numbers, insert ads, obtain two-factor authentication tokens and more. Discovered by a team of cybersecurity experts from Georgia Tech and UC Santa Barbara, Cloak and Dagger carries out malicious activity under the guise of seemingly-innocuous graphics.Android versions 5.1.1, 6.0.1 and 7.1.2 are all vulnerable to Cloak and Dagger. "To make things worse, we noticed that the accessibility app can inject the events, unlock the phone, and interact with any other app while the phone screen remains off," researchers said. "That is, an attacker can perform a series of malicious operations with the screen completely off and, at the end, it can lock the phone back, leaving the user completely in the dark." To avoid downloading the malware, users should check which applications have access to Android's "draw on top" and "a11y" permissions. "Unfortunately, both permissions are considered 'special' and, for this reason, certain versions of Android may show 'no permission required' even if...the app has access to both the permissions required for our attack," the team explained. You can view more in-depth instructions for avoiding Cloak and Dagger here. Why are hackers targeting Android users? The Google-developed operating system is "more open and adaptable," said security software company Sophos. Any app featured in Apple's iOS store has gone through an in-depth analysis - the thorough vetting process blocks "widespread malware infection" among iPhone users. Applications infected with malware are becoming problematic for app developers and consumers. Cybersecurity experts have warned smartphone owners to refrain from downloading third-party apps from unofficial sources, but the presence of malicious apps in official stores make it difficult for users to identify which ones are trustworthy.

A new type of Android malware allows hackers to control devices, record keystrokes and install software - all without alerting smartphone owners.

, the attack infiltrates the Google-developed operating system with just two user permissions - System Alert Window (draw on top) and Bind Accessibility Service (a11y).

Advertisement

Related Content

Once installed, Cloak and Dagger can steal PIN numbers, insert ads, obtain two-factor authentication tokens and more.

Discovered by a team of cybersecurity experts from Georgia Tech and UC Santa Barbara, Cloak and Dagger carries out malicious activity under the guise of seemingly-innocuous graphics.

Android versions 5.1.1, 6.0.1 and 7.1.2 are all vulnerable to Cloak and Dagger.

"To make things worse, we noticed that the accessibility app can inject the events, unlock the phone, and interact with any other app while the phone screen remains off," researchers said. "That is, an attacker can perform a series of malicious operations with the screen completely off and, at the end, it can lock the phone back, leaving the user completely in the dark."

To avoid downloading the malware, users should check which applications have access to Android's "draw on top" and "a11y" permissions.

"Unfortunately, both permissions are considered 'special' and, for this reason, certain versions of Android may show 'no permission required' even if...the app has access to both the permissions required for our attack," the team explained.

You can view more in-depth instructions for avoiding .

Why are hackers targeting Android users?

The Google-developed operating system is "more open and adaptable," said security .

Any app featured in Apple's iOS store has gone through an in-depth analysis - the thorough vetting process blocks "widespread malware infection" among iPhone users.

Applications infected with malware are becoming problematic for app developers and consumers. Cybersecurity experts have warned smartphone owners to refrain from downloading third-party apps from unofficial sources, but the presence of malicious apps in official stores make it difficult for users to identify which ones are trustworthy.

Top Picks

It's a girl! Shohei Ohtani of the Dodgers is now a father
30 years after the Oklahoma City bombing: Learn more about the 168 people who were killed
A look at what happened in the US government this week
Get the Facts: Autism rates rose to 1 in 31, this is the CDC data