Android Overlay Protector

Status
Not open for further replies.

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855

Android Overlay Protector: Android Overlay Protector | GeeksOnSecurity

Introduction
How can we prevent overlay attacks efficiently?

Android market share has now reached almost 75% (source) of the estimated total number of smartphones. Because of this, criminals are now focusing more and more on this platform, profiting also from the weak permission management implemented in Android.

The issue we are trying to address with this product is called "Application Overlay" and permits an attacker to draw on top of any window and application running on the infected device. First, malicious applications monitor which applications are started by the user on the infected system. Next, once they have detected a sensitive application (eBanking, VPN, ...), the malware will redraw an exact login screen on top of the legitimate one. The user is incapable of distinguishing the fake from the original and enters the credentials in the wrong dialog. The malware generally uploads the stolen credentials to its Command & Control server. To learn more about how this vulnerability works, check the articles in the press section.

Overlay attacks have been known since 2011 and affect all Android versions up to Android 5.1.0, where the GET_TASKS permission has been made ineffective. According to the Android distribution of August 2015 shown in the chart below, around 97.4% of devices are affected!
[Chart: Android version distribution, August 2015]
Nevertheless, cyber attackers found different ways to monitor running processes, using for example UsageStatsManager, AccessibilityService or by parsing /proc/*/oom_score. Someone else may just prompt a fake view to the user at a random time, without monitoring the foreground application at all.

To avoid such attacks, our application constantly monitors every user-interface (UI) change happening on the device. Our detection engine will then check if the view element drawn on the screen is coming from the same package as the legitimate application started by the user. If it is not, our application will warn you about it and let you decide if you want to whitelist the potentially malicious application or uninstall it. But be careful, not every application which uses this feature wants to steal your data. For example, the Facebook Messenger application uses this to draw the "chat heads" on top of the screen.

...read more on the website...

_______________________

Screen Overlay Detected, what can I do?
: on forums.androidcentral.com: Screen Overlay Detected, what can I do? - Android Forums at AndroidCentral.com
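
The package-comparison check described in the quoted article, sketched as an added example (not code from GeeksOnSecurity or from the original post). The event format, the `app_started` / `view_drawn` event names and the `com.example.*` packages are assumptions constructed for illustration; a real monitor would receive UI changes from the platform rather than from a list.

```python
# Added illustration: a model of "is the view drawn by the same package
# the user started?" over a constructed stream of UI events.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class OverlayMonitor:
    whitelist: set = field(default_factory=set)  # packages the user chose to trust
    foreground: Optional[str] = None             # package the user last started
    alerts: list = field(default_factory=list)

    def handle(self, event):
        """Process one UI event; return an alert dict if an overlay is suspected."""
        kind, pkg = event["type"], event["package"]
        if kind == "app_started":        # user launched or switched to an app
            self.foreground = pkg
            return None
        if kind != "view_drawn" or self.foreground is None:
            return None
        # A view from the foreground app itself, or from a trusted package, is expected.
        if pkg == self.foreground or pkg in self.whitelist:
            return None
        alert = {"foreground": self.foreground, "drawn_by": pkg}
        self.alerts.append(alert)
        return alert

def run(events, whitelist=()):
    """Feed all events to a fresh monitor and return the alerts raised."""
    mon = OverlayMonitor(whitelist=set(whitelist))
    return [a for a in (mon.handle(e) for e in events) if a]

# Constructed sample input (hypothetical packages, except Messenger's package name).
SAMPLE_EVENTS = [
    {"type": "app_started", "package": "com.example.bank"},
    {"type": "view_drawn", "package": "com.example.bank"},        # own UI: fine
    {"type": "view_drawn", "package": "com.facebook.orca"},       # chat heads
    {"type": "view_drawn", "package": "com.example.flashlight"},  # foreign view
    {"type": "app_started", "package": "com.example.flashlight"},
    {"type": "view_drawn", "package": "com.example.flashlight"},  # own UI: fine
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS, whitelist={"com.facebook.orca"}):
        print("overlay suspected:", alert)
```

Without a whitelist entry the chat-heads view is flagged as well, which is the false positive the article warns about.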
 