Mobile security experts from Palo Alto Networks have detailed a new attack on Android devices that uses "Toast" notifications to help malware obtain admin rights or access to Android's Accessibility service — both of which are often used to take over users' smartphones.
During the past few years, most of the top Android malware has used the same trick to get full control over a user's device.
That trick relied on malware fooling users during the app installation process into granting it the permission to display content on top of other apps — the "Draw on top" permission.
Once malicious apps obtained this permission, they would use it to display intrusive popups on the user screen, asking the user to confirm some message or take some action. In reality, the app would request access to the Android Accessibility service but use the "Draw on top" permission to display fake messages on top of the "Activate" button.
Similarly, malicious apps would use the same "Draw on top" permission to display fake content on top of the popup that grants the attacker admin rights.
This technique was known and used in live attacks for at least two years, but it was explained in depth for the first time in a research paper named "Cloak & Dagger," a name that is now used to describe this entire attack routine.
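The overlay trick described above works because the tap lands on a real button while the user sees fake content drawn over it. Android lets an app refuse touches that arrive while its window is covered by another app's window. The following is an added example, not code from the article or from Palo Alto Networks: a button for a sensitive action (for instance, confirming a transfer in a banking app) that drops obscured taps and logs the attempt so it can be counted as a detection signal. The package name is hypothetical.

```java
// Added example (not from the article): a button that rejects taps arriving
// while another app's window (e.g. a "Draw on top" overlay) covers it.
package com.example.overlaydefense; // hypothetical package name

import android.content.Context;
import android.os.Build;
import android.util.AttributeSet;
import android.util.Log;
import android.view.MotionEvent;
import android.widget.Button;

public class ObscuredTouchRejectingButton extends Button {
    private static final String TAG = "OverlayDefense";

    public ObscuredTouchRejectingButton(Context context, AttributeSet attrs) {
        super(context, attrs);
        // Framework-provided protection: discard touches delivered while the
        // window is obscured by a window belonging to a different app.
        setFilterTouchesWhenObscured(true);
    }

    // Invoked for every touch before it is dispatched to the view; returning
    // false discards the event. The flags are set by the system's input
    // dispatcher when another UID's window overlaps the touch point.
    @Override
    public boolean onFilterTouchEventForSecurity(MotionEvent event) {
        int flags = event.getFlags();
        boolean fullyObscured =
                (flags & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
        // The "partially obscured" flag exists from Android 10 (API 29).
        boolean partiallyObscured =
                Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q
                && (flags & MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0;
        if (fullyObscured || partiallyObscured) {
            // A burst of these warnings in app telemetry is a practical
            // indicator that an overlay is sitting on top of a sensitive screen.
            Log.w(TAG, "Rejected touch on view " + getId()
                    + ": window obscured (flags=0x" + Integer.toHexString(flags) + ")");
            return false;
        }
        return super.onFilterTouchEventForSecurity(event);
    }
}
```

This only hardens an app's own sensitive controls; the system permission dialogs targeted by Cloak & Dagger are the platform's to protect, which is why the fix for those ships in Android itself.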