{"id":24709,"date":"2024-06-18T09:10:20","date_gmt":"2024-06-18T17:10:20","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/06\/18\/news-18439\/"},"modified":"2024-06-18T09:10:20","modified_gmt":"2024-06-18T17:10:20","slug":"news-18439","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/06\/18\/news-18439\/","title":{"rendered":"Explained: Android overlays and how they are used to trick people"},"content":{"rendered":"\n<p>Sometimes you\u2019ll see the term &#8220;overlays&#8221; used in articles about malware and you might wonder what they are. In this post we will try to explain what overlays\u2014particularly on Android devices\u2014are, and how cybercriminals deploy them.<\/p>\n<p>Most of the time, overlays are used to make people think they are visiting a legitimate website or using a trusted app while in reality they are not.<\/p>\n<p>Simply put, the Android overlay is a feature used by an app to appear on top of another app. The legitimate use of overlays is to offer functionality to the app\u2019s user without them having to leave the app itself, for example for messages or alerts, such as <a href=\"https:\/\/www.facebook.com\/help\/messenger-app\/1611232179138526\">Android bubbles on Messenger<\/a>.<\/p>\n<p>The possible malicious use of overlays, then, is not hard to guess. Overlays can be used to draw a full window on top of a legitimate app and, as such, intercept all the interactions the user has with the app. 
But they can also be superimposed over certain critical areas of an app like the text in a message box.<\/p>\n<p>Some examples of malicious uses of overlays:<\/p>\n<ul>\n<li>Requesting permissions under false pretenses: malicious apps can hide their requests by covering the legitimate app\u2019s permissions text.<\/li>\n<li>Clickjacking, where a user is tricked into clicking on actionable content thinking they are interacting with a legitimate app.<\/li>\n<li>Intercepting information like login credentials and even <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/05\/scammers-can-easily-phish-your-multi-factor-authentication-codes-heres-how-to-avoid-it\">some multi-factor authentication (MFA) tokens<\/a>, by making the user think they are entering them on a legitimate app or website.<\/li>\n<\/ul>\n<p>Whether the overlays are transparent or whether they mimic the legitimate app does not influence the way they work. As long as they blend with the original application\u2019s interface, they are incredibly hard to spot.<\/p>\n<p>Most of the time, a malicious overlay&#8217;s goal is to intercept certain user data, which enables cybercriminals to steal money or cryptocurrencies. This is why many banking apps have protection in place. In modern Android versions, developers can successfully block any non-system Android overlay to protect against overlay attacks.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-protection-against-overlays\">Protection against overlays<\/h3>\n<p>As we said, screen overlay attacks are most common on Android devices, and they are a significant threat, so we will explain how you can check which apps have the permission to use overlays and how you can disable it.<\/p>\n<p>Tap <strong>Settings<\/strong> &gt; <strong>Apps<\/strong> &gt; <strong>Options<\/strong> (three stacked dots) &gt; <strong>Special access<\/strong> &gt; <strong>Appear on top<\/strong>. 
Here you can see a list of apps with the permission to \u201cAppear on top\u201d and you can disable the ones you don\u2019t recognize or don\u2019t need to have this permission.<\/p>\n<p>Using an anti-malware solution for your Android device will be effective against known malicious apps. You can uninstall these apps using the mobile device&#8217;s uninstall functionality, but the tricky part lies in identifying the offending behavior and app. That is where <a href=\"https:\/\/www.malwarebytes.com\/mobile\">Malwarebytes for Android<\/a> can help\u2014by identifying these apps and removing them.<\/p>\n<p>It also helps to use authentication methods which are harder to phish. MFA is vital to enable, and will protect you from many types of attacks, so please continue to use it. However, <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/05\/scammers-can-easily-phish-your-multi-factor-authentication-codes-heres-how-to-avoid-it\">authentication-in-the-middle<\/a> attacks only work with certain types of MFA, and <a href=\"https:\/\/www.malwarebytes.com\/blog\/explained\/2024\/05\/you-get-a-passkey-you-get-a-passkey-everyone-should-get-a-passkey\">passkeys<\/a>, for example, won\u2019t allow the cybercriminals to log in to your account in this way.<\/p>\n<hr class=\"wp-block-separator alignfull has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don\u2019t just report on phone security\u2014we provide it<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. 
Keep threats off your mobile devices by\u00a0<a href=\"https:\/\/www.malwarebytes.com\/ios\">downloading Malwarebytes for iOS<\/a>, and <a href=\"https:\/\/www.malwarebytes.com\/android\">Malwarebytes for Android<\/a> today.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/06\/explained-android-overlays-and-how-they-are-used-to-trick-people\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Despite existing countermeasures, Android overlays are still used in malware attacks and phishing. What are they and what can we do? <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10462,20894,10600,32,25078,27720],"class_list":["post-24709","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-android","tag-clickjacking","tag-mfa","tag-news","tag-overlays","tag-passkeys"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24709"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24709\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/inde
x.php\/wp-json\/wp\/v2\/categories?post=24709"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}