Millions of Android smartphones are exposed to a "screen hijack" weakness that lets attackers steal passwords and banking details and helps ransomware apps extort money from their victims.
The worst part is that Google says it will not be fixed until the release of 'Android O', scheduled for the third quarter of this year.
Worse still, millions of users are still waiting for the Android N update from their device manufacturers (OEMs), which means the majority of smartphone users will remain exposed to ransomware, adware and banking Trojans for at least another year.
According to the Check Point security researchers who found the flaw, the problem stems from the "draw over other apps" permission, SYSTEM_ALERT_WINDOW, which allows an app to draw windows on top of the device's screen, over whatever other app is in the foreground.
This is the same capability that lets Facebook Messenger's chat heads float on your screen and pop up when someone wants to chat.
Starting with Android Marshmallow (version 6), launched in October 2015, Google changed its policy so that this highly sensitive permission is granted automatically, with no user prompt, to applications installed directly from the official Google Play Store.
Overlaying the screen in this way is one of the most widely used tricks cyber criminals employ to lure unwitting Android users into falling victim to malware and phishing scams, because a malicious window drawn over a genuine app or a system dialog can impersonate it or hide it entirely.
“According to our findings, 74 percent of ransomware, 57 percent of adware, and 14 percent of banker malware abuse this permission as part of their operation. This is clearly not a minor threat, but an actual tactic used in the wild,” Check Point researchers note.
Google has been using an automated malware scanner called Bouncer to find malicious apps and prevent them from entering the Google Play Store.
Unfortunately, it is well known that Bouncer alone does not keep all malware out of the store; anyone who follows security news will recognise headlines such as "ransomware apps found on Play Store" and "hundreds of apps infected with adware target Play Store users."
Recently, researchers uncovered several Android apps available on Play Store carrying the ‘BankBot banking trojan,’ which abused the SYSTEM_ALERT_WINDOW permission to display overlays identical to each targeted bank app’s login pages and steal victims’ banking passwords.
That means an unknown number of malicious apps already on Google Play hold this dangerous permission, putting millions of Android users at risk.
“After Check Point reported this flaw, Google responded it has already set plans to protect users against this threat in the upcoming version 'Android O'.
“This will be done by creating a new restrictive permission called TYPE_APPLICATION_OVERLAY, which blocks windows from being positioned above any critical system windows, allowing users to access settings and block an app from displaying alert windows.”
Strictly speaking, TYPE_APPLICATION_OVERLAY is a new window type rather than a permission: on Android O an app still needs SYSTEM_ALERT_WINDOW, but windows of this type are always kept below critical system windows such as the status bar, and the system shows a persistent notification from which the user can turn the overlay off.
Meanwhile, users are advised to be wary of suspicious apps, even when installing from the Google Play Store.
Stick to trusted developers, and read the reviews other users have left.
Always review an app's permissions before installing it, and grant only those that make sense for what the app does.
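As an added example (not code from the article, Check Point or Google), the script below uses adb to list which third-party packages on a connected device currently hold the SYSTEM_ALERT_WINDOW app-op discussed above, and to revoke it for a package, which is what the "draw over other apps" toggle in Settings does. The parsing lives in separate functions and is run against a constructed sample report so the logic can be exercised without a device. It assumes adb is on the PATH, USB debugging is enabled, and the `appops get` output format of Android 6 to 8 (`SYSTEM_ALERT_WINDOW: allow; time=...` or `No operations.`), which may differ on other releases; the package names in the sample are made up.

```shell
#!/bin/sh
# audit_overlays.sh: report which third-party apps on a connected Android
# device hold the SYSTEM_ALERT_WINDOW ("draw over other apps") app-op.
# Added example for this article; not Check Point's or Google's code.
# Assumptions: adb on PATH, one device with USB debugging enabled, and the
# Android 6-8 `appops get` output format.

# overlay_mode RAW -> prints the app-op mode parsed from the raw output of
# `appops get <pkg> SYSTEM_ALERT_WINDOW` (allow / deny / ignore / default),
# or "unset" when the device reports "No operations." for the package.
overlay_mode() {
    mode=$(printf '%s\n' "$1" \
        | sed -n 's/^SYSTEM_ALERT_WINDOW: *\([a-z]*\).*$/\1/p' | head -n 1)
    [ -n "$mode" ] && echo "$mode" || echo unset
}

# flag_packages REPORT -> given lines of the form "pkg mode", prints the
# packages whose mode is "allow" (they can draw over other apps), sorted.
flag_packages() {
    printf '%s\n' "$1" | awk '$2 == "allow" { print $1 }' | sort
}

# collect_report -> live "pkg mode" report for every third-party package.
# `pm list packages -3` prints "package:<name>"; \r is stripped for Windows hosts.
collect_report() {
    adb shell pm list packages -3 | tr -d '\r' | sed 's/^package://' \
    | while read -r pkg; do
        raw=$(adb shell appops get "$pkg" SYSTEM_ALERT_WINDOW | tr -d '\r')
        printf '%s %s\n' "$pkg" "$(overlay_mode "$raw")"
    done
}

# revoke_overlay PKG -> deny the op for one package, the same effect as
# switching the app off under Settings > Apps > Draw over other apps.
revoke_overlay() {
    adb shell appops set "$1" SYSTEM_ALERT_WINDOW deny
}

# Constructed sample report (made-up package names) for a dry run without a
# device; pass --live to query a connected device instead.
SAMPLE_REPORT='com.example.flashlight allow
com.example.notes unset
com.example.chat allow
com.example.game deny'

if [ "${1:-}" = "--live" ]; then
    report=$(collect_report)
else
    report=$SAMPLE_REPORT
fi
echo "Apps allowed to draw over other apps:"
flag_packages "$report"
```

Run it with `--live` to audit a real device; any unexpected package in the output is a candidate for `revoke_overlay` and closer inspection. Note that "unset" only means the op was never explicitly set, so on releases where the platform grants the op by default for Play-installed apps, an "unset" entry should not be read as "cannot draw overlays" without confirming the device's default.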