Categories: Mobile Attacks

New Dangerous Android Permission Security Flaw leads to Ransomware and Banking Malware Attacks

[jpshare]A new Android vulnerability discovered in Android’s security Mechanism which leads to several android permission based attacks during run-time including ransomware, banking malware and adware.

According to the Google Policy  gives extensive permissions to apps installed directly from Google Play,this flow  consists of several groups of permissions, with permissions considered as “dangerous” granted only during run-time which introduced for Android version 6.0.0, “Marshmallow”

According to Check Point Researchers ,it means first time an app tries to access a “dangerous” resource, the user is required to approve the necessary permission.

Other Category used for Granted Permission,which manually allow an app to use it by proceed single permission “SYSTEM_ALERT_WINDOW” (Settings -> Apps -> Draw over other apps) .

Flows In App Permission

This Extensive permission leads to display over any other app without notifying the user and performing several malicious Activities including displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans and ransomware.

According to Check point ,it create a persistent on-top screen that will prevent non-technical users from accessing their devices. According to our findings, 74% of ransomware, 57% of adware, and 14% of banker malware abuse this permission as part of their operation. This is clearly not a minor threat, but an actual tactic used in the wild.

Impact Report

Check point Reports, 45% of Android Applications using the SYSTEM_ALERT_WINDOW permission apps from Google Play and this SYSTEM_ALERT_WINDOW permission leads to bypasses the security mechanism introduced in the previous version.

Check point Reports ,As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions, which are later used to grant SYSTEM_ALERT_WINDOW permission to apps installed from the app store.

This means that a malicious app downloaded directly from the app store will be automatically granted this dangerous permission.

Google responded for this flow as already set plans to protect users against this threat in the upcoming version “Android O”.

Also Read

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Sakura RAT Released on GitHub Can Bypass Antivirus and EDR Tools

A newly developed remote administration tool (RAT) named "Sakura RAT" has been released on GitHub,…

1 hour ago

Dell PowerProtect Flaw Allows Remote Attackers to Execute Arbitrary Commands

Dell Technologies has released a security update addressing a critical vulnerability (CVE-2025-29987) in its PowerProtect…

1 hour ago

Critical pgAdmin Flaw Allows Remote Code Execution

A severe Remote Code Execution (RCE) vulnerability in pgAdmin (CVE-2025-2945), the popular PostgreSQL database management…

2 hours ago

Bitdefender GravityZone Console PHP Vulnerability Lets Hackers Execute Arbitrary Commands

Cybersecurity firm Bitdefender has patched a severe flaw (CVE-2025-2244) in its GravityZone Console, which could…

3 hours ago

NICE Workforce Framework 2.0.0 Released: Everything New and Improved

The National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity has undergone a significant…

3 hours ago

10 Best XDR (Extended Detection & Response) Solutions 2025

As cyber threats grow increasingly sophisticated, traditional security tools often fall short in providing comprehensive…

4 hours ago