Malware exploits this Android feature on millions of phones. Some researchers already know how to detect this.

Android’s built-in security has improved significantly over time. Google’s operating system has many machine learning features for prevention, detection and removal malware. Our devices may also have additional security solutions developed by the manufacturer, such as Samsung Knox, or antivirus software that we have manually downloaded.

With all this, we may think that our phone is “safe” from the threats that are spreading in the digital world we live in, but the reality is that cybercriminals are becoming more creative and worried about adapting their attack methods. There is always a risk that malicious software may enter our device. Once inside, you can take advantage of features such as accessibility to achieve your goal.

Accessibility-based malware

Android accessibility features are designed to improve the system’s user experience by offering alternative control methods (voice, gestures, gaze), reading screen contents and much more. However, these functions are also often used by malware families such as Vultur to compromise bank accounts. For example, capturing information from the screen or pressing.

Researchers at the Georgia Institute of Technology have developed a solution that they say can check whether an Android device is infected with accessibility malware. The app, called “Victim Specific Availability Detector” (DVa), works with a cloud service that helps simulate certain actions to trigger malicious behavior of applications and thus be able to identify them.

Once the process is complete, DVa creates a report that is sent to Google so it can know about the problem. Although many accessibility apps are downloaded by users alternative ways to the official app store, which involves manually activating installation from unknown sources, some of them use effective tricks to infiltrate the Play Store.

In most cases, attackers publish apps that appear harmless, but are then updated from attacker-controlled servers that download additional code, such as SharkBot malware. It’s no secret that this behavior violates Play Store policies, but late detection is usually enough to trap a certain number of victims.

Unfortunately, TWO not available to the general public. This is an application that is part of an academic project. However, the project’s resources are published on GitHub and are available for others to experiment with. They allow you to perform static and dynamic analysis using a computer running the latest versions of Linux Ubuntu or Debian.

The project document contains a lot of interesting information. It should be noted that using DVa from GitHub repositories should be reserved for those with a certain technical knowledge base. In the case of dynamic analysis, the device in question must be rooted. We’ll have to wait to see if this idea eventually becomes an app for all users.

Images | Hatak using Bing Image Creator | Micah Baumeister

In Hatak | Access keys that want to hide our passwords face a big problem. We may have found a solution