'Cloak and Dagger' is the latest malicious app that could leave Android devices compromised
Android malware continues to be rampant, and the latest is a new threat called "Cloak and Dagger." Similar to previous attacks, the exploit can gain complete control of an Android phone or tablet with the user fully unaware.
For most, "Cloak and Dagger" may be nothing new when it comes to malware alerts. How much damage any exploit can do depends heavily on what a user downloads from the web or the Google Play Store.
Also, Google has been known to come out with timely updates to address the situation. But the overriding problem now is that the company is still working on a fix, meaning any Android user can get infected at some point.
“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer,” a spokesperson told Engadget. “We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps.”
According to the full paper describing the “Cloak and Dagger” attack, the exploit needs only two permissions (the SYSTEM_ALERT_WINDOW permission and the accessibility service) when the app is installed via the Google Play Store. Users therefore do not need to be asked for access and may not even be notified of the changes, BGR reports.
The problems the malware would bring include clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking plus arbitrary actions. From that list alone, one can imagine how Android users may end up helpless at some point moving forward.
For those who are pinning their hopes on Android 7.1.2, updating to the latest stable version will not help. It seems that “Cloak and Dagger” goes beyond that, meaning only Google can come up with a remedy to prevent things from getting out of hand.
The full paper on “Cloak and Dagger” suggests some short-term recommendations to Google. One involves tweaking the SYSTEM_ALERT_WINDOW permission, which should not be granted automatically, even for apps installed from the Play Store.
The other recommendation has to do with Google’s process of approving apps in the Play Store. The permissions need to be looked into closely, with manual vetting suggested as a scalable approach. The short-term fixes may not amount to much, though the first one, concerning SYSTEM_ALERT_WINDOW, is something Google can revise immediately.