Android malware: NC State researcher develops clickjacking rootkits

Android has seen an increasing number of threats from malware and viruses recently. As the popular open-source platform becomes even more widespread, so will the threats. Researchers at NC State have found a hole in the Android GUI and services that allows malware to disguise itself as a normal app. The team developed a “clickjacking rootkit” that allows malware to hijack a phone’s regular icon and replace it with its own user-information-theft software.

The clickjacking rootkit allows people to disguise their malware as legitimate Android software. What this means is that the icon of a normal (non-harmful) app gets replaced with malware, and when a user clicks on the seemingly “normal” icon, he will launch an application that may seem to function normally, but underneath it is hijacking code that steals user information.

This vulnerability, as you will see in the video demonstration, is apparent in Android ICS 4.0.4. The rootkit hasn’t been tested on previous Android versions, but the chances of this vulnerability existing on previous platforms are high. Android Jelly Bean 4.1 is still being investigated, and until then we cannot assume that any Android OS is secure.

The rootkit exposes how various malware can infect an Android phone and steal user information. Even harmful apps that pass as “normal” and harmless can still be downloaded from Google Play. All this is possible because the vulnerability doesn’t require root access.

Source: ncsu.edu via androidauthority.com