Friday, March 29, 2024

New Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware Attacks

[jpshare]A new Android vulnerability discovered in Android’s security Mechanism which leads to several android permission based attacks during run-time including ransomware, banking malware and adware.

According to the Google Policy  gives extensive permissions to apps installed directly from Google Play,this flow  consists of several groups of permissions, with permissions considered as “dangerous” granted only during run-time which introduced for Android version 6.0.0, “Marshmallow”

According to Check Point Researchers ,it means first time an app tries to access a “dangerous” resource, the user is required to approve the necessary permission.

Other Category used for Granted Permission,which manually allow an app to use it by proceed single permission “SYSTEM_ALERT_WINDOW” (Settings -> Apps -> Draw over other apps) .

Flows In App Permission

This Extensive permission leads to display over any other app without notifying the user and performing several malicious Activities including displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans and ransomware.

According to Check point ,it create a persistent on-top screen that will prevent non-technical users from accessing their devices. According to our findings, 74% of ransomware, 57% of adware, and 14% of banker malware abuse this permission as part of their operation. This is clearly not a minor threat, but an actual tactic used in the wild.

Impact Report

Check point Reports, 45% of Android Applications using the SYSTEM_ALERT_WINDOW permission apps from Google Play and this SYSTEM_ALERT_WINDOW permission leads to bypasses the security mechanism introduced in the previous version.

Check point Reports ,As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions, which are later used to grant SYSTEM_ALERT_WINDOW permission to apps installed from the app store.

This means that a malicious app downloaded directly from the app store will be automatically granted this dangerous permission.

Google responded for this flow as already set plans to protect users against this threat in the upcoming version “Android O”.

Also Read

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles