A TERRIFYING new trick lets criminals spy through your device’s camera, if you make a simple mistake.
The worrying trap uses a malicious app to lure users into granting permissions to their camera, location and notifications, without their knowledge.
Harmful app disguised as a game
The harmful app disguises itself as a harmless game that just involves tapping on your screen to complete a task, for example killing bugs or chopping fruit.
These ‘fake games’ are often downloaded from third-party app stores, where apps don’t undergo the same security checks as on official stores such as Google Play. To lessen your chances of falling victim to the scam, always make sure to download apps from official sites.
The attack, called TapTrap, affects Android devices and works by secretly opening another screen, such as a prompt to grant the app permissions to your camera or location.
Usually, when the screen changes on Android devices, an animation appears, such as the new screen sliding or fading in.
However, the malicious app can tell the system to use a custom animation instead, one that is long-running and completely transparent, meaning that the new screen is completely hidden from you.
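For anyone vetting an app before installing it, the long-running, fully transparent animation described above can be looked for in the app's decoded animation resources. The check below is an added example, not code from this article, Google or the researchers; the thresholds and the sample XML files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed thresholds for this example (not taken from the article).
MAX_ALPHA = 0.1         # at or below this the new screen is effectively invisible
MIN_DURATION_MS = 1000  # ordinary slide/fade transitions are far shorter

# Constructed sample resources, as they would appear decoded under res/anim/.
SAMPLES = {
    "fade_in.xml": """<alpha xmlns:android="http://schemas.android.com/apk/res/android"
        android:fromAlpha="0.0" android:toAlpha="1.0" android:duration="300"/>""",
    "enter_hidden.xml": """<set xmlns:android="http://schemas.android.com/apk/res/android">
        <alpha android:fromAlpha="0.0" android:toAlpha="0.01" android:duration="6000"/>
      </set>""",
    "slide_in.xml": """<translate xmlns:android="http://schemas.android.com/apk/res/android"
        android:fromXDelta="100%" android:toXDelta="0" android:duration="250"/>""",
}

def _num(elem, name, default):
    """Read a numeric android: attribute; a resource reference such as @integer/x gives None."""
    raw = elem.get(ANDROID_NS + name)
    if raw is None:
        return default
    try:
        return float(raw)
    except ValueError:
        return None

def hidden_alpha_animations(xml_text):
    """Return (from_alpha, to_alpha, duration_ms) for each <alpha> that stays invisible for long."""
    hits = []
    for elem in ET.fromstring(xml_text).iter("alpha"):
        start = _num(elem, "fromAlpha", 1.0)
        end = _num(elem, "toAlpha", 1.0)
        duration = _num(elem, "duration", 0.0)
        if None in (start, end, duration):
            continue  # value lives in another resource; resolve it before judging
        if max(start, end) <= MAX_ALPHA and duration >= MIN_DURATION_MS:
            hits.append((start, end, duration))
    return hits

def scan(resources):
    """Map file name -> findings, keeping only files with at least one finding."""
    return {name: found for name, text in resources.items()
            if (found := hidden_alpha_animations(text))}

if __name__ == "__main__":
    for name, found in scan(SAMPLES).items():
        print(name, found)
```

A hit is a reason to look closer at the app, not proof of malice, since the thresholds here are only assumed values.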
Hidden screen
So, imagine you click on the newly downloaded game and start clicking on various parts of the screen to kill bugs or whack moles.
Without your knowledge, it then opens another invisible screen which asks you to grant permission to camera access, notifications or location access.
Any taps you make whilst the animation is running will go to the secret invisible screen, not the game.
The game will then lure you into tapping on specific parts of the screen, meaning you are actually tapping on the button that will grant the app access to your camera or location.
TapTrap can even trick you into enabling the “Device Administrator” permission, which allows the malicious app to remotely wipe your entire device.
How to protect yourself
An easy way to protect yourself from this scam is to disable system animations in your device’s accessibility settings.
This will prevent malicious apps from being able to open invisible screens, but will also disable animations on your device.
Thankfully, Google has promised that it will fix this issue in a future update.
“Android is constantly improving its existing mitigations against tapjacking attacks”, a Google representative told BleepingComputer.
How does TapTrap work?
- Android users download a ‘game’ which is secretly a malicious app
- The ‘game’ opens a hidden second screen, unbeknownst to the user
- The user is lured into clicking specific parts of the screen, with the taps registering on the invisible screen
- The user clicks on a button granting the app permission to their camera or location, without their knowledge
“We are aware of this research and we will be addressing this issue in a future update.
“Google Play has policies in place to keep users safe that all developers must adhere to, and if we find that an app has violated our policies, we take appropriate action.”
This comes after McAfee warned that one of the easiest ways to tell whether your device has a virus is if it feels “physically hot”.
The warning reads: “When you accidentally download apps that contain malware, your device has to work harder to continue functioning.
“Since your phone isn’t built to support malware, there is a good chance it will overheat.”
Other signs that you could be being targeted include quicker battery drainage and the appearance of random pop-up ads.