November 13, 2017 By Shane Schick 2 min read

Android users may be spending more time on malware removal following the discovery of an exploit associated with the Toast feature in Google’s operating system.

ToastAmigo Uses Toast Overlay Attack

Researchers at Trend Micro first warned users about the malware removal work back in September when Google patched the vulnerability. Identified as ToastAmigo, the Toast overlay attack allows notifications to display on top of other applications.

The attack fools Android users into downloading a fictitious security tool called Smart Applocker. While the app supposedly scans a device for security issues and shows progress using Android’s Toast feature, a second piece of malware, dubbed AmigoClicker, infects the smartphone. The threat can then gain access to other apps, collect information from Google accounts and even rate itself on Google Play.

According to SecurityWeek, the cybercriminals targeted Android’s Toast feature because it masks the smartphone’s display while they do their dirty work. It also doesn’t require attackers to make numerous requests that might arouse suspicion. The persistence of the technique ensures that, even once it has been discovered, malware removal might prove time-consuming and difficult.

Industry Response

Google was well-aware that Android Toast could prove attractive to cybercriminals. It conducted a proof-of-concept test involving a similar attack earlier this year, but this proved more difficult to execute than ToastAmigo, SC Magazine reported. The company then offered a fix in the hopes that it wouldn’t have yet another malware situation on its hands.

As the name implies, Toast works almost like a pop-up on the user’s screen. This makes an overlay attack harder to spot because cybercriminals can set legitimate-looking content over something that would otherwise clearly be a candidate for malware removal.

Google is taking action based on ToastAmigo, Android Soul reported. Because the Toast overlay attack is hijacking features to get at user data, app developers are being asked not to make use of Accessibility Services in Android unless the software offers disability assistance. Failure to comply could result in those apps being pulled from Google Play — before users flag any other malware removal issues.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today