Cloak and Dagger

Cloak and Dagger is a new Android malware found by researchers at Georgia Institute. Surprisingly, it works on all Android versions, including the latest version, 7.1.2. The attack allows hackers to steal the user’s private data, such as the device PIN, keystrokes, online passwords, OTP codes, contacts, and chats.

How does this new Android attack, Cloak & Dagger, exploit its targets?

Cloak & Dagger is a new class of potential attacks carried out through the permissions of Android apps. These attacks do not involve any code or other tools. They allow a malicious app to control the Android UI interface loop and take over the device. The attack can be conducted silently, without the user’s notice. In testing on 20 users, none of them was aware of the attack.

This new Android attack requires only two permissions from the malicious app:
  • “draw on top” – SYSTEM_ALERT_WINDOW.
  • “a11y” – BIND_ACCESSIBILITY_SERVICE.

The first one, “draw on top,” allows apps to overlay the device’s screen and draw on top of other apps. Google has enabled this permission by default for all installed apps since Android Marshmallow. The second permission, “a11y,” is designed to help blind or visually impaired users enter input using voice commands and listen to output using the screen reader feature.

The researchers reported that Google’s measures for detecting malicious apps do not seem to be enough. The researchers explained:

In particular, we submitted an app requiring these two permissions and containing a non-obfuscated functionality to download. Google approved this app just after a few hours, and it is still available on the Play Store.

Once a user installs this malicious app, the attacker can secretly take over the Android phone and spy on the user’s every activity. The possible attacks include clickjacking, unconstrained keystroke recording, and stealthy phishing. The attackers can also silently install other malicious apps with all permissions enabled and perform other arbitrary actions while keeping the screen off. The team also included some demo videos for reference.

Stay Cautious and Protected:

  • As long as you don’t experiment with unknown or malicious apps, you are safe.
  • Always keep an eye on the permissions you are granting to new apps.
  • You can disable ‘Draw on top’ in the permissions. Go to Settings >> Apps >> Gear symbol on top right >> Special access >> Draw on top and disable it. This process works only on Android Nougat.

It is good news that researchers found this exploit. If it had fallen into hackers’ hands, millions of Android users would be in trouble by now. The university researchers have already reported this new attack vector to Google. We doubt that the changes in the Android O build can resolve this issue. Since the issue resides in the design of the Android OS itself, the problem may take more time to solve.