Toast Overlay Weaponized to Install Several Android Malware [source: trendmicro]

We uncovered new Android malware that can surreptitiously install other malware on the affected device via the Toast Overlay attack: TOASTAMIGO, detected by Trend Micro as ANDROIDOS_TOASTAMIGO. The malicious apps, one of which had over 500,000 installs as of November 6, 2017, abuse Android's Accessibility features, which currently give them ad-clicking, app-installing and self-protecting/persistence capabilities.

Overlay attacks entail drawing and superimposing Android Views (e.g., images, buttons) atop other running apps, windows or processes. A typical Toast Overlay attack uses such a view to trick the user into tapping a window or button chosen by the attacker while the touch actually lands on the legitimate app underneath. The technique, demonstrated earlier this year, leverages a vulnerability (CVE-2017-0752, patched in the September 2017 Android security update) in Toast, the Android feature used to display brief messages over other applications. The flaw allowed an app to draw a Toast-type window over other apps without holding the SYSTEM_ALERT_WINDOW ("draw over other apps") permission that overlay attacks otherwise require.
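The following is an added example of the app-side defence against the tapjacking scenario described above; it is not code from the Trend Micro post or from the malware. It shows an Android Activity protecting a sensitive button with the framework's obscured-touch filter (View.setFilterTouchesWhenObscured / MotionEvent.FLAG_WINDOW_IS_OBSCURED), which Android sets on touches that pass through another app's window, including a Toast-type overlay. The package, class and button labels are assumptions.

```java
// Added example (not from the Trend Micro post): hardening a sensitive button
// against overlay/tapjacking attacks such as the Toast overlay described above.
// Package, class and labels are hypothetical.
package com.example.overlaydefense;

import android.app.Activity;
import android.os.Bundle;
import android.util.Log;
import android.view.MotionEvent;
import android.view.View;
import android.widget.Button;
import android.widget.LinearLayout;
import android.widget.Toast;

public class SensitiveActionActivity extends Activity {
    private static final String TAG = "OverlayDefense";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        LinearLayout root = new LinearLayout(this);
        root.setOrientation(LinearLayout.VERTICAL);

        // Approach A: let the framework drop the touch silently. Any MotionEvent
        // delivered while another window (a Toast overlay, a SYSTEM_ALERT_WINDOW
        // overlay, ...) covers this view never reaches the click listener.
        // Equivalent to android:filterTouchesWhenObscured="true" in layout XML.
        Button confirm = new Button(this);
        confirm.setText("Confirm payment");
        confirm.setFilterTouchesWhenObscured(true);
        confirm.setOnClickListener(v -> performSensitiveAction("confirm"));
        root.addView(confirm);

        // Approach B: check the obscured flag ourselves. Same protection, but the
        // app can log the attempt and tell the user why the tap was ignored,
        // which the silent filter in Approach A cannot do.
        Button transfer = new Button(this);
        transfer.setText("Transfer funds");
        transfer.setOnTouchListener((v, event) -> {
            if (isObscured(event)) {
                Log.w(TAG, "Touch rejected: window is obscured by another app's overlay");
                Toast.makeText(this, "Close apps drawing over the screen and try again",
                        Toast.LENGTH_SHORT).show();
                return true;  // consume the event; the click listener never fires
            }
            return false;     // not obscured: continue with the normal click path
        });
        transfer.setOnClickListener(v -> performSensitiveAction("transfer"));
        root.addView(transfer);

        setContentView(root);
    }

    // True when the touch passed through a window owned by another app before
    // reaching ours. Only MotionEvents carry this flag: clicks injected by an
    // AccessibilityService (as TOASTAMIGO does) never generate a MotionEvent,
    // so this check does not see them.
    static boolean isObscured(MotionEvent event) {
        return (event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0;
    }

    private void performSensitiveAction(String which) {
        Log.i(TAG, "Sensitive action '" + which + "' performed with an unobscured touch");
    }
}
```

Two caveats a practitioner should keep in mind. First, FLAG_WINDOW_IS_OBSCURED is set only when the overlay covers the touched point; on Android 10 (API 29) and later, FLAG_WINDOW_IS_PARTIALLY_OBSCURED also reports overlays that merely intersect the window, and a stricter app can reject those too. Second, this defence covers only the "trick the user into tapping" half of the attack: actions driven through an abused AccessibilityService, the other capability the post attributes to TOASTAMIGO, are delivered as accessibility actions rather than touches and bypass touch filtering entirely.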

TOASTAMIGO is the first malware we've seen to weaponize this proof of concept. Given its relatively low-key functionalities at this time, we expect this threat (and the other malware it downloads and installs) to be fine-tuned or mimicked by other cybercriminals, as has happened with many threats before it. All versions of Android before 8.0 (Oreo) are affected unless they have received the September 2017 patch, so users on earlier versions are urged to update and patch their devices.

