Security researchers from Trend Micro have found a new Android malware that can quietly install other malicious apps on an infected device by using the Android Toast overlay vulnerability. The malware detected by the company as ToastAmigo, which is the “first observed weaponized use” of vulnerability CVE-2017-0752 in Toast.
Overlay attacks are usually used by Android malware for phishing attacks, but using Toast gives some advantages, including the fact that it does not need the same kinds of permissions as other windows, and it enables an app to present a window that covers the device’s whole screen.
Trend Micro researchers found two applications, covered as app lockers and both named Smart AppLocker, they are being used to spread ToastAmigo malware. One of them has been installed more than 500,000 times. The full abilities of the malware are not known, but it is believed to have ad-clicking, app-installing, and self-protecting/persistence abilities.
According to Trend Micro:
“The miscellany of the malware’s malicious functionalities, combined with a relatively unique attack vector, makes them credible threats. In fact, the aforementioned functionalities can actually be modified for further cyberattacks”
“Since TOASTAMIGO and AMIGOCLICKER can misuse Android’s Accessibility feature to virtually do anything, this malware can update itself when getting the remote server’s commands.”
