New Android Exploit ‘Cloak and Dagger’ Lets Attackers Steal User Data

Gone are the days when the Google Play Store was a trusted place for downloads. Hackers appear to be bypassing the Play Store's security protocols quite easily: security researchers have spotted a new attack called “Cloak & Dagger” that could let attackers take over an infected device.

According to security researchers from the Georgia Institute of Technology and UC Santa Barbara, these attacks are designed to steal a user’s information from an infected device. However, the attackers can do much more damage if they want to.

Cloak & Dagger explained: It seems like attackers have infected some of the apps on the Google Play Store (the exact number and names of these apps are still unknown), and as soon as the infected app is installed, the attacker can begin their magic. The malicious app requires only two permissions: BIND_ACCESSIBILITY_SERVICE (“a11y”) and SYSTEM_ALERT_WINDOW (“draw on top”). As soon as the app gets these permissions, it starts stealing sensitive information from the infected device, including passwords, bank details, etc. Considering the new social engineering methods used by hackers, it’s safe to say that getting these two permissions will not be a difficult task for them.

In their report, the security researchers explained that “In particular, we demonstrate how such an app can launch a variety of stealthy, powerful attacks, ranging from stealing user’s login credentials and security PIN to the silent installation of a God-mode app with all permissions enabled, leaving the victim completely unsuspecting.”

Vulnerability reported to Google authorities: Lucky for us, researchers have reported these attacks and Google authorities have already begun working on a patch. The official statement from Google says:

“We’ve been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect – our security services on all Android devices with Google Play – to detect and prevent the installation of these apps. Before this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward.”

The next Android update will automatically solve this security issue. There is, however, one problem! The update will take quite a lot of time to reach each and every user out there, so in the meantime avoid downloading unnecessary apps from both the Google Play Store and third-party sites.

Here are the demo videos of this attack:

This video shows a demo of the “Stealthy Phishing Attack”, one of the Cloak & Dagger attacks:

This video shows a demo of the “Context Aware/Hiding Clickjacking + Silent God-mode App Install”, one of the Cloak & Dagger attacks:

Image Credit: Shutterstock/Ymgerman



Jahanzaib Hassan