All Android Version Except 8.0/Oreo are Vulnerable to Toast Overlay Malware Attack

A First Android malware called TOASTAMIGO has been discovered that capable of installing other malware into infected devices using Toast Overlay attack.

Overlay attacks allow an attacker to draw on top of other windows and apps running on the affected device. With this recently found overlay assault does not require a particular permissions or conditions to be compelling.

Few months before the same attack has been discovered via Cloak & Dagger Attack 

Old Toast Overlay attack could abuse Android’s Accessibility features and leads to generate ad clicks to generate revenue and to install apps. But this one is capable of installing malware and other malicious activities.

This TOASTAMIGO Malware will entail a layer on top of the Android app, window or process that leads to trick the victims by an attacker to click the fake overlay button instead of legitimate app or window.

This Malware app is completely packed before published into Google play store.

There are two apps were discovered from Google play store and according to the package, structure analysis confirmed that both apps were created by the same developer. Trend Micro Detected this malware as ANDROIDOS_TOASTAMIGO.

According to Trend Micro Report, The Toast Overlay attack is carried out when the apps purportedly note that it’s “analyzing the unprotected apps.”
To launch an overlay attack, malicious apps will typically request the “draw on top” permission; this has been the case with Android versions up to 6.0 (Marshmallow), and if installed from Google Play, they are exempted

To Bypass the various warning dialog’s from different android version, it has some malicious function in the source code doBackgroudTask.getInstance((Context)this    will helps to the execution of certain tasks in the background.

Combination of this unique attack vector by this Toast Overlay attack, infected Android device can be victimized to anything through communicating to C&C server and update itself for getting new futures.

This Malware has some interesting future that will be executed in the background of the Android window.