- Apr 21, 2016
According to a group of security researchers from Georgia Institute of Technology and UC Santa Barbara, there's a new Android exploit in the wild, which affects all versions of Google's mobile OS.
Called Cloak and Dagger, the exploit could allow hackers to steal your information by creating a malicious app that only needs to set two permissions, namely BIND_ACCESSIBILITY_SERVICE ("a11y") and SYSTEM_ALERT_WINDOW ("draw on top"), to log keystrokes and steal your passwords and other sensitive information.
It's a fact that it's not that easy to force users into enabling accessibility permissions, but skilled hackers can trick them into doing so, and once they activate both permissions, they'll be able to install software, steal data from installed apps, and basically take full control of your Android phone without you even knowing.
"In particular, we demonstrate how such an app can launch a variety of stealthy, powerful attacks, ranging from stealing user’s login credentials and security PIN, to the silent installation of a God-mode app with all permissions enabled, leaving the victim completely unsuspecting," explained the researchers in their report.
Read more: New Android Exploit Lets Hackers Steal Your Data, Google Is Aware of the Issue
Demos
Invisible Grid Attack
Context-aware/hiding Clickjacking + Silent God-mode Install Attack
Stealthy Phishing Attack
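A defensive check for the permission pair described above, as an added example (not part of the original post or the researchers' report): it reads a decoded, text-form AndroidManifest.xml and flags apps that both request SYSTEM_ALERT_WINDOW and declare an accessibility service. The manifests and package names are constructed samples, and `audit_manifest` and `sample_manifest` are hypothetical names.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"      # android: attribute namespace
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"       # "draw on top"
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"   # "a11y"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

def audit_manifest(xml_text):
    """Report whether a decoded AndroidManifest.xml combines both permissions."""
    root = ET.fromstring(xml_text)
    requested = {e.get(A + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for e in root.iter(tag)}
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE
    # whose intent filter carries the AccessibilityService action.
    services = [s.get(A + "name") for s in root.iter("service")
                if s.get(A + "permission") == A11Y
                and any(a.get(A + "name") == A11Y_ACTION for a in s.iter("action"))]
    overlay = OVERLAY in requested
    return {"package": root.get("package"),
            "overlay": overlay,
            "a11y_services": services,
            # Legitimate apps can hold both; a hit means "review", not "malicious".
            "needs_review": overlay and bool(services)}

def sample_manifest(package, overlay, a11y):
    """Build a constructed manifest for the demo (not taken from a real app)."""
    perm = '<uses-permission android:name="%s"/>' % OVERLAY if overlay else ""
    svc = ('<service android:name=".Helper" android:permission="%s">'
           '<intent-filter><action android:name="%s"/></intent-filter>'
           '</service>' % (A11Y, A11Y_ACTION)) if a11y else ""
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application>%s</application></manifest>'
            % (package, perm, svc))

# Constructed samples: both permissions, overlay only, accessibility only.
SAMPLES = [sample_manifest("com.example.both", True, True),
           sample_manifest("com.example.overlayonly", True, False),
           sample_manifest("com.example.a11yonly", False, True)]

if __name__ == "__main__":
    for text in SAMPLES:
        r = audit_manifest(text)
        print(r["package"], "REVIEW" if r["needs_review"] else "ok", r["a11y_services"])
```
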