Trend Micro has released its findings and analysis of a new Android malware. The malware could potentially affect many Android devices, especially those running Android 7.1 Nougat and older versions of Android. This new security threat allows hackers to sneak other forms of malware onto the compromised device through the Toast Overlay attack, dubbed “TOASTAMIGO”.
This Android malware, which was demonstrated just this year as a proof of concept, was uncovered by Trend Micro. According to the security firm, the malware-laden apps are designed to exploit the accessibility features of Google’s Android operating system so that they can click on ads automatically without users knowing, install additional malicious apps, and stay undetected by some mobile security programs.
What exactly is Toast?
Toast is an Android feature that displays notifications over a running application, window or process. Unsurprisingly, this new Android malware does exactly the same thing, only in a malicious way. It displays an Android View over any running app so that it can lure users into clicking a dubious window or button created by the hackers to replace the real one. In addition, the malware disguises itself as app lockers that supposedly use a PIN to protect the device's applications. Once the malware-laden applications are downloaded and installed, they try to obtain accessibility permission from the user so that the malicious apps can function on the infected device.
After they obtain all the permissions they need, the apps start executing commands and actions to install yet another piece of malware. They take advantage of the permissions the gullible user previously granted to the infected apps.
The attack method takes advantage of a vulnerability in Android that was already fixed back in September 2017. However, it is a mystery how this Toast overlay malware emerged again when the vulnerability was supposedly already fixed, and many security experts are puzzled as to how the same Toast overlay was able to resurface with the very same functionality. Fortunately, the malware has only low-key functionality for now, so it hasn’t gained much traction with potential attackers. However, it is only a matter of time before other crooks use the same technique, and worse, they might modify it to make it even stronger. According to Trend Micro, it is likely that the functionality of the Toast overlay attack can be modified by other cyber crooks to spread other forms of malware.
Trend Micro also recommended that Android users update devices that are potentially prone to the new Android malware, and that a patch be released as soon as possible to remedy this vulnerability. Toast Overlay is just one entry in the very long list of malware affecting Android lately. Following Trend Micro’s recommendations, Google has already removed the malicious apps from the Google Play Store.
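
A defender can check a device for the two conditions described above, a patch level older than the September 2017 fix and accessibility services enabled by apps nobody expects. The sketch below is an added example, not code from Trend Micro or the article; the 2017-09-01 threshold, the allowlist, and the sample package names are assumptions constructed for illustration.

```python
from datetime import date

# Assumption: the first patch level of the month the article gives for the fix.
FIX_PATCH_LEVEL = date(2017, 9, 1)


def patch_level_is_fixed(security_patch):
    """security_patch: output of `getprop ro.build.version.security_patch`."""
    try:
        return date.fromisoformat(security_patch.strip()) >= FIX_PATCH_LEVEL
    except ValueError:
        return False  # empty or malformed value: treat the device as unpatched


def unexpected_accessibility_packages(enabled_services, allowlist):
    """enabled_services: output of
    `settings get secure enabled_accessibility_services`, a colon-separated
    list of package/class component names ("null" or empty when none is set)."""
    value = enabled_services.strip()
    if value in ("", "null"):
        return []
    packages = {comp.split("/", 1)[0] for comp in value.split(":") if comp}
    return sorted(packages - set(allowlist))


def triage(security_patch, enabled_services, allowlist):
    """Combine both checks into one record per device."""
    return {
        "patched": patch_level_is_fixed(security_patch),
        "review": unexpected_accessibility_packages(enabled_services, allowlist),
    }


# Constructed sample values, not taken from a real device or from the article.
SAMPLE_PATCH = "2017-08-05"
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.applocker/.LockAccessibilityService"
)
SAMPLE_ALLOWLIST = {"com.google.android.marvin.talkback"}

if __name__ == "__main__":
    print(triage(SAMPLE_PATCH, SAMPLE_SERVICES, SAMPLE_ALLOWLIST))
```

Both input strings can be collected over `adb shell` from a managed device; any package listed under `review` holds accessibility access and deserves a manual look, whatever it claims to be.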