Think your phone is free from data theft in 2016? Think again: a new Android threat called “accessibility clickjacking” is here, leaving more than 500 million Android devices worldwide vulnerable.
The vulnerability, discovered by the founders of mobile security firm Skycure, deceives users through a “malicious UI redressing technique” that tricks the user into clicking a link on an otherwise normal-looking webpage which in fact contains some infected content.
The threat is very much real too: only a month ago Symantec found ransomware called “Android.Lockdroid.E”, which used Advertising Clickjacking to gain admin rights to a device.
What sort of data is left vulnerable? The answer is all text-based information on your phone or tablet, which can include your “personal and work emails, SMS messages, data from messaging apps, sensitive data on business applications such as CRM software, marketing automation software and more”, as well as other “automated actions via other apps or the operating system, without the victim’s consent”.
Skycure also has a video on this threat that shows a benign-looking game which is actually using the player's taps to activate certain actions under the “Accessibility” menu.
Devices running Android versions 2.2 (Froyo) to 4.4 Jelly Bean, which make up 65 percent of all Android devices worldwide, are said to be affected by the bug. The most logical solution for you is to update the software to Lollipop (version 5.0), if you haven’t already done so.
Otherwise, you can try to remain on the safe side by not installing apps from third-party stores and not clicking dialogue boxes from unverified sources. Lastly, go to the “Accessibility” options under your Settings app, and uncheck any group named “Services” there. It is also probably a good idea to download a mobile threat defense app for better security and regular checks.
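The check on the Accessibility settings can also be scripted for devices you manage. The following is an added example, not part of the original article or Skycure's material: it parses the colon-separated `enabled_accessibility_services` secure setting and lists every enabled service whose package is not on an allowlist. The allowlist and the sample value are constructed, and reading the setting over adb assumes a device that ships the `settings` command.

```shell
#!/bin/sh
# Added example: flag accessibility services that are enabled but not expected.
# On a device the input would come from (assumes adb and the on-device
# `settings` command are available):
#   adb shell settings get secure enabled_accessibility_services
# The value is a colon-separated list of "package/service-class" components.

# Hypothetical allowlist: packages you expect to hold accessibility access.
ALLOWED_PACKAGES="com.google.android.marvin.talkback"

# unexpected_services VALUE
# Prints one line per enabled component whose package is not allowlisted.
unexpected_services() {
    value=$(printf '%s' "$1" | tr -d '\r')   # adb output may carry CRs
    case "$value" in
        ''|null) return 0 ;;                 # nothing enabled
    esac
    old_ifs=$IFS
    IFS=:
    for component in $value; do
        IFS=$old_ifs
        if [ -z "$component" ]; then continue; fi
        pkg=${component%%/*}                 # text before the first "/"
        allowed=no
        for ok in $ALLOWED_PACKAGES; do
            if [ "$pkg" = "$ok" ]; then allowed=yes; fi
        done
        if [ "$allowed" = no ]; then printf '%s\n' "$component"; fi
    done
    IFS=$old_ifs
}

# Constructed sample value: a screen reader plus a made-up game's service.
SAMPLE='com.google.android.marvin.talkback/.TalkBackService:com.example.freegame/com.example.freegame.HelperService'

unexpected_services "$SAMPLE"
```

Any component this prints is a service to review and disable in the Accessibility settings if you did not knowingly turn it on.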