Android users who have not yet upgraded to Android Oreo are being warned about a terrifying new malware threat that lets hackers take control of a victim’s phone.
Launched last month, Android Oreo is currently available on selected devices. It includes a set of tweaks and minor improvements to the smartphone and tablet operating system. The eighth major software iteration includes notification dots on app icons, picture-in-picture video playback, and autofill to quickly and securely enter passwords and other personal information in website forms. Oreo will also restrict background apps from draining the battery to help eke more usage from each charge.
But while the update offers more of a refinement of the Android experience than a wholesale revision, there’s one very important reason to upgrade. Security experts have warned that those who have not upgraded yet to Android Oreo are vulnerable to a terrifying new malware threat.
The threat affects any Android user running a version older than Oreo and puts victims at risk of an overlay attack. The malware draws a fake screen over the real one for users to click on, hiding what’s really happening. In the worst case, it could allow the malicious software to take control of the phone and render it unusable.
However, Palo Alto Networks said Android should have prevented the overlay attack as there were two big hurdles the malware had to bypass.
Security expert Christopher Budd said in a blog post: “Everyone has believed that malicious apps attempting to carry out overlay attacks must overcome two significant hurdles to be successful.
“One – they must explicitly request the “draw on top” permission from the user when installed.
“Two – they must be installed from Google Play.
“These are significant mitigating factors and so overlay attacks haven’t been reckoned a serious threat.”
The vulnerability discovered by Palo Alto’s Unit 42 threat research team bypasses these requirements.
It exploits a notification type called Toast that Android documentation describes as “a view containing a quick little message for the user.”
Budd added: “In light of this latest research, the risk of overlay attacks takes on a greater significance. Fortunately, the latest version of Android is immune from these attacks ‘out of the box.’
“However, most people who run Android run versions that are vulnerable. This means that it’s critical for all Android users on versions before 8.0 to get updates for their devices.
“You can get information on patch and update availability from your mobile carrier or handset maker.”
The news comes after Express.co.uk revealed that Samsung Galaxy S8 and Galaxy S8+ owners could be getting an upgrade to Android Oreo soon. The South Korean technology company is believed to be hard at work on a custom version of Android 8.0 for its flagship smartphone range. According to technology blog SamMobile, Samsung is forging ahead with an accelerated schedule for the launch of Oreo. SamMobile, which has a strong track record when it comes to Samsung leaks, claims the technology firm may initiate a “beta-testing program for early adopters, like it did for the Galaxy S7 and S7 Edge” soon. The Android 8.0 update for Samsung Galaxy S8 and Galaxy S8+ will be called G955FXXU1BQI1 and G950FXXU1BQI1, SamMobile claims.