Android Clickjacking Rootkit Demonstrated
Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit. Researchers at NC State in the US have developed a proof-of-concept prototype rootkit that attacks the Android framework and could be used to steal personal information.
What is clickjacking? It is a malicious technique that tricks users and is often used to take over computers, web cams, or snag confidential info that is revealed by users who thinks they are on an innocent webpage.
Like most Android malware, the rootkit can be distributed as a malicious app, opening up a host of potential vulnerabilities on any device on which it is installed. However, it functions in a different way.
The rootkit, which could be bundled with an app and is said to be undetectable by anti-virus packages, would allow an attacker to replace a smartphone's browser with a version that logs key strokes to capture bank card data and uploads them to a hacker-controlled website.
Jiang explained in a video in which he demonstrates the rootkit in action:
In a demonstration video, the rootkit is shown manipulating the apps on a smartphone. Such a program could be used by cybercriminals to replace an app with a malicious data stealing version that appears legitimate to the user.
“This would be a more sophisticated type of attack than we’ve seen before,” says Jiang, “But there is good news. Now that we’ve identified the problem, we can begin working on ways to protect against attacks like these.”