A new piece of malware has been uncovered that uses an updated methodology to abuse the previously patched Android Toast overlay vulnerability. Once installed, it can download additional malware and use various permissions to access the phone.
The malware is called ToastAmigo, detected by Trend Micro as ANDROIDOS_TOASTAMIGO, and is believed to represent the first observed weaponized use of vulnerability CVE-2017-0752 in Toast, Trend Micro mobile threat analyst Lorin Wu reported. This type of attack was shown to be possible in a proof of concept earlier this year, and Google issued a patch for the flaw in September.
Trend Micro found two apps, disguised as app lockers and both named Smart AppLocker, that are being used to spread ToastAmigo. As of November 6, one of the apps (Wu did not say which) had been downloaded more than 500,000 times. The full extent of the malware’s capabilities is not known, but it is thought to have ad-clicking, app-installing, and self-protecting/persistence capabilities.