Here is an android clickjacking rootkit demonstration that shows how an android device can be exploited by clickjacking rootkits. Mobile security researchers have identified that an aspect of Android 4.0 Ice Cream Sandwich and earlier models of Android which clickjacking rootkits could exploit. The researchers at NC State in the United States have developed a prototype rootkit, a proof of concept that can attack the Android framework and can potentially steal personal information.
What is clickjacking? Clickjacking is a malicious technique that tricks users, and is often connected to taking over computers, web cams, and get private personal information thinking that a webpage, either picture, text, or any part of it is innocent.
An example of clickjacking, is for Facebook where when users click a link, they have instantly “liked” or “recommended” a web page unknowingly. While clickjacking malwares can be used on Android phone by bundling it with an app, which can allow an attacker to capture and log key strokers like bank card data or bank account numbers.
Below is a video which demonstrates Android Clickjacking Rootkit in Action
[iframe http://www.youtube.com/embed/RxpMPrqnxC0?rel=0 420 315]
In the video above, it was demonstrated that the rootkit can manipulate apps on a Android phone. This method can be used by cybercriminals to replace an app with malicious data stealing versions that will appear legitimate to a normal user.