Sunday, October 13, 2024
HomeMobile AttacksNew Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware...

New Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware Attacks

Published on

Malware protection

[jpshare]A new Android vulnerability discovered in Android’s security Mechanism which leads to several android permission based attacks during run-time including ransomware, banking malware and adware.

According to the Google Policy  gives extensive permissions to apps installed directly from Google Play,this flow  consists of several groups of permissions, with permissions considered as “dangerous” granted only during run-time which introduced for Android version 6.0.0, “Marshmallow”

According to Check Point Researchers ,it means first time an app tries to access a “dangerous” resource, the user is required to approve the necessary permission.

- Advertisement - SIEM as a Service

Other Category used for Granted Permission,which manually allow an app to use it by proceed single permission “SYSTEM_ALERT_WINDOW” (Settings -> Apps -> Draw over other apps) .

Flows In App Permission

This Extensive permission leads to display over any other app without notifying the user and performing several malicious Activities including displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans and ransomware.

According to Check point ,it create a persistent on-top screen that will prevent non-technical users from accessing their devices. According to our findings, 74% of ransomware, 57% of adware, and 14% of banker malware abuse this permission as part of their operation. This is clearly not a minor threat, but an actual tactic used in the wild.

Impact Report

Check point Reports, 45% of Android Applications using the SYSTEM_ALERT_WINDOW permission apps from Google Play and this SYSTEM_ALERT_WINDOW permission leads to bypasses the security mechanism introduced in the previous version.

Check point Reports ,As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions, which are later used to grant SYSTEM_ALERT_WINDOW permission to apps installed from the app store.

This means that a malicious app downloaded directly from the app store will be automatically granted this dangerous permission.

Google responded for this flow as already set plans to protect users against this threat in the upcoming version “Android O”.

Also Read

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Research Unveils Eight Android And iOS That Leaks Users Sensitive Data

The eight Android and iOS apps fail to adequately protect user data, which transmits...

Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals

Threat actors often attack dating apps to steal personal data, including sensitive data and...

Multiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code

In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile...