The users who are holding their cryptoassets on the wallets on Android platform should be careful with their holdings while using the applications as the wallets are now at risk of being hacked. The new vulnerability allows the MediaProjection service to capture the user’s screen and audio content and currently almost 80% of all Android users remain at risk of data being stolen as the bug affects the Lollipop, Marshmallow and Nougat platforms.
Security researchers from MWR Labs discovered that the cause of this vulnerability is due to the fact that affected Android versions are unable to detect a partially obscured SystemUI pop-ups. This was explained in MWR report published on November 13.
— MWR InfoSecurity (@mwrinfosecurity) 17 November 2017
This vulnerability is severe because the SystemUI pop-up is launched within the context of the attacker’s application making it possible for an attacker to detect the pop-up and draw an overlay without the user noticing.
Nevertheless, it is still possible to detect the attack, because when an application gets access to the MediaProjection Service, it generates a Virtual Display which activates the icon in the notification bar which looks like this:
Screenshot of MediaProjection attack
It is stated in the report that vulnerability was addressed in Android 8.0 and Android users are advised to update to Android 8.0., although it remains unclear if Google has plans to release a patches for older versions of Android which were affected.
Android application developers can defend against this attack by enabling the FLAG_SECURE layout parameter via the application's WindowManager. This would ensure that the content of the applications windows are treated as secure, preventing it from appearing in screenshots or from being viewed on non-secure displays.
MWR Labs Advisory
Google released a patch in the Oreo 8.0 version, but the previous versions are at risk which means that cryptocurrency users accessing private wallets on Android devices are in danger of having their wallets hacked and are higly recommended to upgrade to the latest system for protection.