Researchers have found dozens of pieces of malware that impersonate legitimate applications by inserting themselves into those applications' flow. This is a sophisticated attack that affects all versions of Android and against which there is no protection.
The Android ecosystem is facing a new and particularly clever wave of malware. These programs exploit a flaw in the way Android manages multitasking, which lets them slip unnoticed into the flow of virtually any application and thereby impersonate it. This opens the door to many scenarios. The attackers can increase their access privileges, steal credentials, record conversations, take photos without the user's knowledge, geolocate the device, read SMS messages, siphon the address book, etc.
The Money Disappeared From The Accounts
Researchers from the companies Promon and Lookout have detected at least 36 pieces of malware that use this flaw to compromise users, including their banking data. This recently happened to customers of some Czech banks, who saw money disappear from their accounts.
Some of this malware has been active since at least 2017. None of it was available directly on Google Play. However, some applications in that store installed the malicious software without the user's knowledge. These malicious downloaders have since been removed from the store. Unfortunately, the flaw still exists in all versions of Android. It is only a matter of time before this malware reappears.
The root of the problem is the way Google designed multitasking on Android. When an application is launched, a “task” is created in memory. Each time the user navigates to a new screen of the application, a new “activity” is stacked on this task. If the user goes back, that activity is destroyed. If the user switches to another application, Android keeps this stack of activities in memory, which lets the user pick up the thread of their navigation on returning to it. This is very convenient. Tasks can also stack activities from another application. This happens, for example, when you launch the browser from the mail application.
A Royal Road To Deceive The User
By cleverly exploiting this cross-application stacking, attackers manage to insert malicious activities into the tasks of legitimate applications. If these activities faithfully reproduce the look and graphics of the targeted software, users notice nothing and quite readily accept requests for access rights or login prompts.
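The task and activity stack described above can be modelled in a few lines to show why an inserted screen is hard to tell apart from a legitimate cross-application hop, and what a defender can check for. This is an added example, not code from the researchers or from Android; the `started_by` field, the `launcher` label and all package and screen names are assumptions made for the model.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Activity:
    package: str      # application that ships this screen
    name: str         # screen name
    started_by: str   # package that asked for it (modelling assumption)

@dataclass
class Task:
    owner: str                                 # application the task was created for
    stack: list = field(default_factory=list)  # bottom of the stack first

    def start(self, package, name, started_by):
        # Navigating to a new screen stacks a new activity on the task.
        self.stack.append(Activity(package, name, started_by))

    def back(self):
        # Going back destroys the activity on top of the stack.
        return self.stack.pop() if self.stack else None

    def visible(self):
        # What the user sees when returning to this task.
        return self.stack[-1] if self.stack else None

def unexpected_activities(task):
    """Return foreign activities that nothing already in the task asked for."""
    trusted = {task.owner}
    findings = []
    for act in task.stack:
        if act.package != task.owner and act.started_by not in trusted:
            findings.append(act)       # inserted from outside the task
        else:
            trusted.add(act.package)   # legitimate hop, e.g. mail -> browser
    return findings

def sample_tasks():
    # Constructed sample data; all package and screen names are hypothetical.
    mail = Task("com.example.mail")
    mail.start("com.example.mail", "Inbox", "launcher")
    mail.start("com.example.browser", "PageView", "com.example.mail")
    bank = Task("com.example.bank")
    bank.start("com.example.bank", "Login", "launcher")
    bank.start("com.example.flashlight", "FakeLogin", "com.example.flashlight")
    return mail, bank

if __name__ == "__main__":
    for task in sample_tasks():
        shown = task.visible()
        flagged = [f"{a.package}/{a.name}" for a in unexpected_activities(task)]
        print(f"{task.owner}: shows {shown.package}/{shown.name}, flagged {flagged}")
```

In the model, both tasks contain an activity from another application, but only the one that no package already in the task requested is flagged.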
For Google, these attacks are probably not a surprise. In 2015, researchers at the University of Pennsylvania had already shown that Android's management of multitasking allowed such attacks. Google was not concerned, considering that the risk was minimal. But obviously, it was not. It is to be hoped that the computer giant changes its opinion on the issue and finally adds protective measures.