Friday, May 9, 2025
HomeMobile AttacksMillions of Android Phones including latest Versions Vulnerable to Cloak & Dagger...

Millions of Android Phones including latest Versions Vulnerable to Cloak & Dagger attack

Published on

SIEM as a Service

Follow Us on Google News

Cloak & Dagger attack discovered by security experts from Georgia Institute of Technology, which allows attackers to get complete control over your device.

These attack just require two permission that, in the event that the application is installed from the Play Store, the client does not require to grant permission and even the users are not notified.

Users don’t get notified about this malicious activity, and it will affect all the versions of Android including (including the latest version, Android 7.1.2).

Permissions for Takeaway

Permission abused by Cloak and Dagger attacks

- Advertisement - Google News
  • SYSTEM_ALERT_WINDOW (“draw on top”).
  • BIND_ACCESSIBILITY_SERVICE (“a11y”).

If the user installed the malicious app from Google play store, the user’s not required to give any permission to get succeed with this attack, and it doesn’t show any indication to the user.

In this situation “draw on top” is simply possible, and this authorization is sufficient to bait the client into unconsciously enabling a11y (through clickjacking).

The conceivable attacks incorporate progressed clickjacking, unconstrained keystroke recording, stealthy phishing, the quiet establishment of a God-mode application (with all authorizations permissions), and silent phone crack + arbitrary activities (while keeping the screen off).

Possible attacks due to Permission Issue

Security experts from Cloak & Dagger highlighted various possible attacks due to this permission issues:

“draw on top” permission

  • Context-aware clickjacking & Context hiding (Enabling accessibility).
  • Invisible Grid Attack (keyboard Sniffer).

“accessibility service” permission

  • Keystroke recording.
  • Web exploration.
  • Ad hijacking.
  • Device unlocks through PIN Injection.
  • Hijacking two-factor Auth Tokens.

With Both permissions

  • Silent installation.
  • Stealthy phishing.

Video PoC of the attacks by security experts at Cloak and Dagger.

Infected version

  • Android 5.1.1 (32.0%*)
  • Android 6.0.1 (31.2%)
  • Android 7.1.2 (7.1%)

Recommended for users

Security specialists from Cloak and Dagger recommend users to check which applications approach the “draw on top” and the a11y authorizations.

To moderate the issue and cripple the Cloak and Dagger assaults in Android 7.1.2 it is conceivable to disable the “draw on top” permission:

Android 7.1.2   Settings → Apps → "Gear symbol" → Draw over Other Apps.

Also Read

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Cyberattackers Targeting IT Help Desks for Initial Breach

Cybercriminals are increasingly impersonating IT support personnel and trusted authorities to manipulate victims into...

New Stealthy .NET Malware Hiding Malicious Payloads Within Bitmap Resources

Cybersecurity researchers at Palo Alto Networks' Unit 42 have uncovered a novel obfuscation method...

Hackers Weaponizing Facebook Ads to Deploy Multi-Stage Malware Attacks

A persistent and highly sophisticated malvertising campaign on Facebook has been uncovered by Bitdefender...

Threat Actors Target Job Seekers with Three New Unique Adversaries

Netcraft has uncovered a sharp rise in recruitment scams in 2024, driven by three...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

MediaTek Releases Security Patch to Fix Vulnerabilities in Mobile and IoT Devices

MediaTek, a prominent semiconductor company specializing in mobile, IoT, and multimedia chipsets, has announced...

CISA Released Secure Mobile Communication Best Practices – 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to...

Ghost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or Apple Pay

Threat actors are exploiting a new cash-out tactic called "Ghost Tap" to siphon funds...