Android malware is a serious problem that can cause you all kinds of trouble if you’re not paying attention to what you install on your device. Even apps that come from the Google Play store can sometimes contain malware, and researchers have discovered new tools that would allow hackers to take control of an Android device without the user even knowing it.
Described as a “Cloak and Dagger” attack by researchers from UC Santa Barbara and Georgia Tech, the malware would let a malicious app gain complete control of an Android phone or tablet. The user, meanwhile, would not suspect anything, and the malware would even be able to perform tasks with the screen turned off.
“These attacks only require two permissions that, in case the app is installed from the Play Store, the user does not need to explicitly grant and for which [the user] is not even notified,” the researchers explained. “The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off).”
All Android versions to date, including Android 7.1.2, which is the latest stable version of Android, are at risk to this type of attack, according to the researchers.
Hackers exploiting these vulnerabilities would be able to record everything you type on the phone, including passwords and private messages. They would be able to steal PINs, unlock the device while keeping the screen off, and even steal two-factor authentication tokens.
Google is aware of the issue and is working on a fix. But it’s unclear when fixes might be made available, or whether the patches will be applied to older versions of Android.
“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer,” a spokesperson told Engadget. “We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues, moving forward.”
The full paper describing Cloak and Dagger is available at this link, and the following videos show various exploits in action: