Toast Overlay Message Exploit Found on the Google Play Store

in #news7 years ago
A few months ago, an Android toast overlay message was misused toast overlay system to push the full-screen overlay by pushing through a toast notification. This allowed a malicious attacker to engraft a UI window through a toast overlay, which was designed to enable users to inadvertently enable administrator access to an application or enable accessibility services for the application. Now, it seems that, this overlay exploitation attack has been found in the Google Play Store, and Trend Macro detected the attack in the form of Androisao Automibeo. The exploitation found in the Google Play Store was found in many applications, out of which more than 500,000 downloads are included on November 6, 2017

Toastomigo is the first weapon of concept and Android affects all versions of Android except for Oreo and devices, which have received security patches in September 2017 or later. When asked to provide accessibility service access, the applications in question used to create an "Analysis App" overlay on the screen, because it has provided itself administrator access and the other on Clickamigo dubbed device Accessibility service provided by using the Tap Actions to install the application works because the user Do not need to provide overload access, so regular users will not notice that something looks malicious
The main purpose of the Clickamigo attack seems to be that when the ad network is loading and they do not load while using a proxy server, then clickamigo adobe or facebook ads get the benefit so that the original manufacturer of the application gets the benefit. The application then saves itself through similar methods of administering access to access and accessibility services, as well as disables mobile security applications on the device and also gives itself ratings on Google Play Store Could.


It just shows that due to an app available in the Play Store it does not mean that it is safe. Users should still be cautious of the applications they install and use.

Coin Marketplace

STEEM 0.18
TRX 0.15
JST 0.029
BTC 63135.01
ETH 2546.56
USDT 1.00
SBD 2.64