It is no secret how mobile Android devices are vulnerable to a wide range of attacks, which could have drastic consequences for consumers. Especially when it comes to financial details being leaked, these Android vulnerabilities will need to be addressed sooner rather than later. Accessibility clickjacking is one of the more recent forms of malware putting over 500 million devices – and Bitcoin users around the world – at risk.
Accessibility Clickjacking is A Major Risk On Android
Earlier this month, security researchers unveiled more details on a new type of malware that is putting millions of Android devices around the world at risk. Mobile malware has been a significant threat for many years now, as users can find their devices infected without even realizing there is something nefarious going on in the background.
Accessibility clickjacking is nothing new in that regard, as this malware attack would give hackers nearly full control over an Android device. The end user would not notice something wrong is happening, yet hackers would be able to obtain all types of information stored on the Android device, including corporate and financial data.
But that is not all, as the accessibility clickjacking strain of malware would be able to impersonate the end user through email accounts and even social media profiles linked to the phone. Additionally, hackers would be able to elevate their permissions on the device and remotely encrypt or even wipe all data on the device if they would be willing to go that far.
Despite what some people might think, getting the accessibility clickjacking malware onto an Android device is not that hard. No root access is required, and the installation process requires very limited permission. Moreover, most of the protective software on Android devices – such as antivirus and malware scanner programs – will not detect accessibility clickjacking as malware, further compromising device security.
What accessibility clickjacking malware does is letting users click on an element in the Android user interface that looks normal, but is something else entirely under the hood. This type of malware has been responsible for the creation of Android ransomware – called Android.Lockdroid.e – which was discovered in February of 2016.
As a result of this accessibility clickjacking malware threat to Android users, hackers would be able to access all text-based information, and take automated access through other applications without user consent. Admin permissions can be changed, onboard storage can be encrypted, and even Bitcoin wallets are not safe from harm.
Keeping in mind how accessibility clickjacking can run applications in the background or force users to click on elements which do all kinds of nasty things in the background, it is not impossible to see hackers targeting Bitcoin wallets on Android devices. Funds could be sent from one wallet to the next without asking for user’s consent. Even PIN code protection would not do much, as the malware can read any input on the device.
Are you worried about accessibility clickjacking malware on your Android device? How do you go about protecting your mobile? Let us know in the comments below!
Images courtesy of Shutterstock, Pocketnfo