Sunday, May 11, 2025
HomeMobile AttacksNew Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware...

New Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware Attacks

Published on

SIEM as a Service

Follow Us on Google News

[jpshare]A new Android vulnerability discovered in Android’s security Mechanism which leads to several android permission based attacks during run-time including ransomware, banking malware and adware.

According to the Google Policy  gives extensive permissions to apps installed directly from Google Play,this flow  consists of several groups of permissions, with permissions considered as “dangerous” granted only during run-time which introduced for Android version 6.0.0, “Marshmallow”

According to Check Point Researchers ,it means first time an app tries to access a “dangerous” resource, the user is required to approve the necessary permission.

- Advertisement - Google News

Other Category used for Granted Permission,which manually allow an app to use it by proceed single permission “SYSTEM_ALERT_WINDOW” (Settings -> Apps -> Draw over other apps) .

Flows In App Permission

This Extensive permission leads to display over any other app without notifying the user and performing several malicious Activities including displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans and ransomware.

According to Check point ,it create a persistent on-top screen that will prevent non-technical users from accessing their devices. According to our findings, 74% of ransomware, 57% of adware, and 14% of banker malware abuse this permission as part of their operation. This is clearly not a minor threat, but an actual tactic used in the wild.

Impact Report

Check point Reports, 45% of Android Applications using the SYSTEM_ALERT_WINDOW permission apps from Google Play and this SYSTEM_ALERT_WINDOW permission leads to bypasses the security mechanism introduced in the previous version.

Check point Reports ,As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions, which are later used to grant SYSTEM_ALERT_WINDOW permission to apps installed from the app store.

This means that a malicious app downloaded directly from the app store will be automatically granted this dangerous permission.

Google responded for this flow as already set plans to protect users against this threat in the upcoming version “Android O”.

Also Read

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Sophisticated PhaaS Phish Toolkits are Now Genetrating Realistic Fake Phishing Pages

Cybersecurity experts are raising alarms over the proliferation of increasingly sophisticated phishing techniques that...

Critical Azure and Power Apps Vulnerabilities Allow Attackers to Exploit RCE

Microsoft has patched four critical security vulnerabilities affecting its Azure cloud services and Power...

How to Detecting Backdoors in Enterprise Networks

In today’s rapidly evolving cybersecurity landscape, enterprise networks face a particularly insidious threat: backdoors,...

Securing Windows Endpoints Using Group Policy Objects (GPOs): A Configuration Guide

Securing Windows endpoints is a top priority for organizations seeking to protect sensitive data...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

MediaTek Releases Security Patch to Fix Vulnerabilities in Mobile and IoT Devices

MediaTek, a prominent semiconductor company specializing in mobile, IoT, and multimedia chipsets, has announced...

CISA Released Secure Mobile Communication Best Practices – 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to...

Ghost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or Apple Pay

Threat actors are exploiting a new cash-out tactic called "Ghost Tap" to siphon funds...