What's leading you to believe #2? I agree that is the solution if this is indeed tapjacking.
Though sadly, every time I or other people have asked for a PoC or explanation, we've been met with radio silence. Until I can get my hands on this or a full explanation, I'm inclined to believe that this "rootkit" is just a custom launcher. -Tim Strazzere On Thu, Sep 6, 2012 at 10:04 AM, Subodh Iyengar <[email protected]>wrote: > Three things: > 1. This type of malware is already known in the community, so much so that > it already has a name for itself, "Tapjacking". > 2. This is already solved using the setFilterTouchesWhenObscured flag in > Gingerbread and beyond. > 3. This type of not really a "rootkit", when the OS can detect it's > running. > > > On Wednesday, July 4, 2012 2:22:05 AM UTC-7, RichardC wrote: >> >> http://www.theregister.co.uk/**2012/07/04/poc_android_** >> clickjacking_rootkit/<http://www.theregister.co.uk/2012/07/04/poc_android_clickjacking_rootkit/> >> >> >> *"The clickjacking vulnerability is present in Android 4.0.4 (Ice Cream >> Sandwich) and earlier versions of the smartphone OS. The mechanism - >> described as a "user interface readdresing attack" - means the malware can >> be installed by a user thinking he or she is agreeing to some other action >> and without a reboot. No privilege escalation is needed, nor any nobbling >> of the operating system's core kernel."* >> > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/android-security-discuss/-/bb9GUmu-cVEJ. > > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
