Trend Micro has released the findings of its analysis of new malware that could affect many devices running Android 7.1 Nougat or older, allowing attackers to sneak other forms of malware onto the affected device via a Toast Overlay attack called “TOASTAMIGO”. Trend Micro uncovered the Android malware, which had been demonstrated only as a proof of concept earlier this year. According to the security firm, the malicious apps are designed to exploit the accessibility features of Google’s mobile operating system in order to automatically click on ads without the device owner’s consent, install malicious apps and hide from detection by security tools.
Toast is an Android feature that superimposes notifications over a running application, window or process, and the Toast Overlay attack does just that: it displays an Android View over other running apps in order to lure users into clicking a bogus window or button created by the attacker to replace the real one. The malware also disguises itself under the cloak of app lockers that use a PIN to supposedly protect device applications. Once downloaded and installed, the malicious applications try to obtain accessibility permission from the user, presented as something the apps need in order to function on the device. After this is done, the apps begin to execute commands and actions to install additional malware, taking advantage of the permission they previously gained from the unsuspecting user.
The attack method takes advantage of a vulnerability in Android that was fixed in September of this year, though it was not immediately known how the Toast Overlay attack came into being again with the same functionality. Thankfully, the malware has low-key functionalities at present, meaning that it has not gained much traction among attackers as of this time, though it is only a matter of time before other bad actors replicate the technique. Trend Micro said it is likely that the functionalities of the attack can be modified by other cyber criminals to spread other forms of attacks. The security firm recommends updating devices that could potentially be affected by the malware and, if possible, releasing a patch for the vulnerability. Toast Overlay is just the latest in a long list of malware affecting Android lately. For its part, Google has already removed the malicious apps from the Play Store following Trend Micro’s recommendations.