# Threat Brief: Patch Today and Don't Get Burned by an Android Toast Overlay

By [Christopher Budd](https://www.paloaltonetworks.com/blog/author/christopher-budd/?lang=zh-hant&ts=markdown "Posts by Christopher Budd"), Sep 19, 2017

Tags: [Android](https://www.paloaltonetworks.com/blog/tag/android/?ts=markdown), [Cloak and Dagger](https://www.paloaltonetworks.com/blog/tag/cloak-and-dagger/?ts=markdown), [Toast overlay attack](https://www.paloaltonetworks.com/blog/tag/toast-%e8%a6%86%e8%93%8b%e6%94%bb%e6%93%8a/?lang=zh-hant&ts=markdown), [Ransomware](https://www.paloaltonetworks.com/blog/tag/%e5%8b%92%e7%b4%a2%e8%bb%9f%e9%ab%94/?lang=zh-hant&ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/tag/%e6%83%a1%e6%84%8f%e8%bb%9f%e9%ab%94/?lang=zh-hant&ts=markdown)

Palo Alto Networks Unit 42 researchers today published [details](https://www.paloaltonetworks.com/blog/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions/) of a new high-severity vulnerability affecting the Google Android platform. A patch for this vulnerability is available as part of the [Android Security Bulletin for September 2017](https://source.android.com/security/bulletin/2017-09-01). The new vulnerability does NOT affect the latest version of Android, [Android 8.0 Oreo](https://www.android.com/versions/oreo-8-0/), but it does affect earlier versions. Some malware already attacks along the lines described in this post, but Palo Alto Networks Unit 42 has not yet seen any attacks targeting this specific vulnerability. Because Android 8.0 is relatively new, nearly all Android users should act now and apply the update to address this vulnerability.

Our researchers found a vulnerability that makes it easier to carry out an "overlay attack", a type of attack already known on the Android platform. Overlay attacks are most likely to be used to install malware on a user's Android device; they can also be used to give malware full control of the device. In the worst case, this vulnerability could be used to render the phone completely unusable (that is, to "brick" it), or to install any type of malware, including but not limited to ransomware or information stealers. At its simplest, after a successful attack the vulnerability can be used to take control of the device, lock it and steal data.

An "overlay attack" is one in which the attacker's app draws (or "overlays") a window on top of other windows or apps running on the device. If this succeeds, the attacker can mislead the user into believing they are tapping one window when they are actually tapping another. Figure 1 shows an example: the attacker makes the user think they are installing a patch, when in fact they are pressing a button that grants the Porn Droid malware full administrator rights.

![AndroidToast\_7](https://www.paloaltonetworks.com/blog/wp-content/uploads/2017/09/AndroidToast_7.png)

Figure 1: Malware requesting administrator rights, overlaid by a fake patch installer

You can see how this attack can be used to convince users to install malware on their device without realizing it. It can also be used to grant malware full administrative rights over the device.

By opening windows on the device that cannot be closed, overlay attacks can also be used to create a denial-of-service condition on the device. Attackers use this method to launch ransomware attacks on mobile devices.

Of course, an overlay attack can be used to achieve all three of the following goals in a single attack:

1. Trick the user into installing malware on the device.
2. Trick the user into granting the malware full administrative rights.
3. Use the overlay to lock the device and hold it for ransom.

Overlay attacks are not new and have drawn attention before. Until now, however, based on the latest research published in the [IEEE Security & Privacy paper](http://iisp.gatech.edu/sites/default/files/documents/ieee_sp17_cloak_and_dagger_final.pdf), everyone believed that a malicious app attempting an overlay attack had to overcome two significant hurdles before it could succeed:

1. The app had to explicitly request the "draw on top" permission from the user at install time.
2. The app had to be installed from Google Play.

These factors significantly reduce the risk, so overlay attacks were not considered a serious threat.

New research from Unit 42, however, shows that there is a way to carry out overlay attacks to which these mitigating factors do not apply. Our researchers found that a malicious app exploiting this new vulnerability can launch an overlay attack simply by being installed on the device. This means malicious apps that come not from Google Play but from other websites and app stores can also carry out overlay attacks. It is important to note that apps from websites and app stores other than Google Play are a major source of Android malware worldwide.

The specific vulnerability affects the Android feature known as "[Toast](https://developer.android.com/guide/topics/ui/notifiers/toasts.html)". A "Toast" is a type of notification window that "pops up" on the screen (like toast from a toaster). Toasts are typically used to display messages and notifications on top of other apps.

Unlike other Android window types, Toast windows do not require the same permissions, so the mitigating factors that applied to earlier overlay attacks do not apply here. In addition, our researchers have described how a Toast window covering the entire screen can be created, which makes it possible to use Toast to build windows that are functionally equivalent to regular app windows.

In light of this latest research, the risk posed by overlay attacks is more serious. Fortunately, the latest version of Android is immune to this type of attack from the outset. Most Android users, however, are still running vulnerable versions of Android. This means that all users of versions earlier than Android 8.0 should obtain updates for their devices. Contact your mobile carrier or handset manufacturer for information about the availability of patches and updates.

Of course, one of the best protections against malicious apps is to obtain Android apps only from Google Play, because the Android security team actively screens for malicious apps and keeps malware out of the store in the first place.
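As an added example (not code from the post or from Unit 42), the check below triages captured `adb shell getprop` output using the two facts the brief gives: the fix ships in the Android security bulletin dated 2017-09-01, and Android 8.0 (API level 26) is not affected. The property names are standard Android build properties; the getprop dumps are constructed for the example, and older builds may not report `ro.build.version.security_patch` at all, which the code reports as unknown rather than guessing.

```python
"""Triage Android devices for the Toast overlay fix from `adb shell getprop` dumps (added example; sample dumps are constructed)."""
import re
from datetime import date

FIX_PATCH_LEVEL = date(2017, 9, 1)  # September 2017 Android security bulletin
FIRST_IMMUNE_API = 26               # Android 8.0 Oreo is not affected
_PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")  # "[name]: [value]" lines

def parse_getprop(text: str) -> dict:
    """Turn `adb shell getprop` output into a {name: value} dict."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def assess_toast_overlay_exposure(props: dict) -> str:
    """Return 'immune', 'patched', 'vulnerable' or 'unknown' for one device."""
    try:
        if int(props.get("ro.build.version.sdk", "")) >= FIRST_IMMUNE_API:
            return "immune"  # Android 8.0+ was never affected
    except ValueError:
        return "unknown"     # no usable API level, cannot classify
    try:
        level = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "unknown"     # property missing or malformed (older builds)
    return "patched" if level >= FIX_PATCH_LEVEL else "vulnerable"


def triage_fleet(getprop_by_device: dict) -> dict:
    """Map device id -> verdict for a batch of captured getprop dumps."""
    return {dev: assess_toast_overlay_exposure(parse_getprop(dump))
            for dev, dump in getprop_by_device.items()}


# Constructed sample dumps, trimmed to the relevant properties.
SAMPLE_FLEET = {
    "oreo": "[ro.build.version.sdk]: [26]\n[ro.build.version.security_patch]: [2017-09-05]\n",
    "nougat-patched": "[ro.build.version.sdk]: [25]\n[ro.build.version.security_patch]: [2017-09-05]\n",
    "nougat-stale": "[ro.build.version.sdk]: [24]\n[ro.build.version.security_patch]: [2017-08-05]\n",
    "lollipop": "[ro.build.version.release]: [5.1.1]\n[ro.build.version.sdk]: [22]\n",
}

if __name__ == "__main__":
    for dev, verdict in triage_fleet(SAMPLE_FLEET).items():
        print(f"{dev}: {verdict}")
```

Devices reported as "unknown" need a manual check of the build's patch level with the carrier or manufacturer, which is the same advice the brief gives.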