Hacking, Hacking Tools, Vulnerability

All Android Version Except 8.0/Oreo are Vulnerable to Toast Overlay Malware Attack



Toast Overlay attack

A First Android malware called TOASTAMIGO has been discovered that capable of install other malware into infected devices using  Toast Overlay attack.

Overlay attacks allow an attacker to draw on top of other windows and apps running on the affected device. With this recently found overlay assault does not require a particular permissions or conditions to be compelling.

Few Months Before same attack has been discovered via Cloak & Dagger Attack 

Old Toast Overlay attack could abuse Android’s Accessibility features and leads to generate ads clicks a,app installing. but this one is capable of installing malware and other malicious activities .

This TOASTAMIGO Malware will entail a layer on top of the android app, window or process that leads to trick the victims by attacker to click the Fake overlay button instead of legitimate app or window.

In this case, TOASTAMIGO Toast Overlay Attack weaponize to download and install other malware by applying the fake layer into victim Android Screen.

All the Android version are affected Except(8.0/Oreo) by this Toast Overlay Attack. So before Android Oreo version users are urged to update the latest patch for this attack.

How Does this  Toast Overlay attack Works

An Android app that belongs to app lockers has discovered form Google play store has asking accessibility permission to work.

Once Permission has been granted by the user then apps will launch a window to purportedly “analyze” the apps.

Since its already have permission, Behind of this process it download and install the second malware.

This Malware app is completely packed before published into Google play store.



There are two apps were discovered from Google play store and according to package structure analysis conformed that  both apps was created by same developer.Trend Micro Detected  this malware as  ANDROIDOS_TOASTAMIGO

According to Trend Micro Report, The Toast Overlay attack is carried out when the apps purportedly note that it’s “analyzing the unprotected apps.”
To launch an overlay attack, malicious apps will typically request the “draw on top” permission; this has been the case with Android versions up to 6.0 (Marshmallow), and if installed from Google Play, they are exempted

To Bypass the various warning dialog’s from different android version, it has some malicious function in the source code doBackgroudTask.getInstance((Context)this    will helps to execution of certain tasks in the background.

Combination of this unique attack vector by this Toast Overlay attack, infected Android device can be victimized to anything through communicating to C&C sever and update itself for getting new futures.

This Malware has some interesting future that will be executed in background of the Android window.

  • com.photos.android.helper: Download a specified Android application package (APK)
  • force_stop_MC: Forcibly stop mobile security apps
  • bgAsprotectDialog: Prepare actions for dialog prompts, such as “Unknown sources”
  • bgAutoInstallPage_4: Install an APK via Accessibility
  • Accessibility: Open the Accessibility permission for the other APK
  • bgGpAutoProtect: Keep itself from being uninstalled
  • bgAsprotectDialog and bgAsprotectPage_4: Keep its Accessibility permission


Source : GBHackers



Previous ArticleNext Article

Founder and Editor-in-Chief of ‘Professional Hackers India’. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.