The latest malware scare might be the most terrifying to date.
Adi Sharabani and Yair Amit, co-founders of mobile security company Skycure, announced at the RSA conference in San Francisco this week that a new form of malware puts a vast majority of Android device users at risk. Called “accessibility clickjacking,” it’s one of the more ingenious methods of gaining access to someone’s phone.
As Skycure explains, clickjacking is a technique that tricks victims into clicking on an element that might not actually appear on the screen. When something relatively benign is overlaid on the display, a user might manually allow access to his or her phone without ever knowing the difference.
“Accessibility Clickjacking can allow malicious applications to access all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system, without the victim’s consent,” Skycure explains. “This would include all personal and work emails, SMS messages, data from messaging apps, sensitive data on business applications such as CRM software, marketing automation software and more.”
Skycure’s demonstration video shows accessibility clickjacking in action: it uses a free ‘Rick and Morty’-themed game to get users to unknowingly enable certain accessibility features.
The most frightening aspect of this discovery is that Skycure was able to replicate the vulnerability on 65% of Android devices, basically anything from Android 2.2 Froyo to Android 4.4 KitKat. Unless you’ve upgraded to Lollipop or above, you could potentially be a victim of accessibility clickjacking in the future.