Android’s built-in security has improved significantly over time. Google’s operating system has a variety of machine learning-powered features to prevent, detect, and remove malicious software. Our devices may also have additional protection solutions designed by the manufacturer, such as Samsung Knox, or antivirus software that we have downloaded manually.
With all this we might think that our phone is “armored” against the threats that proliferate in the digital world in which we live, but the reality is that cybercriminals are increasingly ingenious and keep adapting their attack methods. There is always the risk that malicious software can infiltrate our device. Once inside, it can take advantage of features such as accessibility to achieve its goal.
Malware that uses accessibility features
Android accessibility features aim to improve the user experience of the system by offering alternative control methods (voice, gestures, gaze) and reading screen content aloud, among others. These functions, however, are also often used by malware families such as Vultur to compromise bank accounts, for example by capturing information from our screen or performing clicks.
Researchers at the Georgia Institute of Technology have developed a solution that they say can check if an Android device is infected by malware that uses accessibility features. The application, called Detector of Victim-specific Accessibility (DVa), works with a cloud service that helps simulate certain actions to trigger the malicious behavior of applications so that they can be identified.
Once the process is complete, DVa generates a report that is sent to Google so that it can be aware of the problem. Many apps that abuse accessibility features are downloaded by users from sources other than the official application store, which involves manually enabling installation from unknown sources, but some of them use effective techniques to sneak into the Play Store.
In most cases, attackers publish applications that appear harmless but are later updated from attacker-controlled servers, which deliver additional code such as the SharkBot malware. It’s no secret that this type of behavior violates Play Store policies, but late detection is usually enough for a certain number of victims to fall into the trap.
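As a manual first check in the same spirit, the added example below (not DVa's code and not its method) lists which services currently have accessibility enabled and whether each app was installed through the Play Store. It assumes the text of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` as input; the sample strings and the `com.example.flashlight` package are constructed.

```python
# Added example: triage of enabled accessibility services from adb output.
# Inputs are the raw text of two commands run against a connected device:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

PLAY_STORE = "com.android.vending"  # installer package name of the Play Store

def parse_services(raw):
    """Return [(package, service_class)] from the colon-separated setting."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: nothing enabled
        return []
    out = []
    for comp in raw.split(":"):
        pkg, _, cls = comp.partition("/")
        if cls.startswith("."):           # short form is relative to the package
            cls = pkg + cls
        out.append((pkg, cls))
    return out

def parse_installers(raw):
    """Map package -> installer from 'package:NAME  installer=SOURCE' lines."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def triage(services_raw, packages_raw):
    """List every enabled service and whether its app came from the Play Store."""
    installers = parse_installers(packages_raw)
    report = []
    for pkg, cls in parse_services(services_raw):
        src = installers.get(pkg)         # None: no recorded installer
        report.append({"package": pkg, "service": cls, "installer": src,
                       "from_play_store": src == PLAY_STORE})
    return report

# Constructed sample output (not taken from a real device).
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/.TalkBackService:"
                   "com.example.flashlight/com.example.flashlight.HelperService\n")
SAMPLE_PACKAGES = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.flashlight  installer=null
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(row)
```

An entry with no Play Store installer is the first to review, but a Play Store origin is not a clean bill of health, since apps that pass review can be updated with malicious code afterwards.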
Unfortunately, DVa is not available to the general public. It is an application that is part of an academic project. However, the project resources have been published on GitHub and are available so that other people can experiment with them. They allow static and dynamic analyses to be carried out using a computer with a recent version of Ubuntu or Debian Linux.
The project paper has a lot of interesting information. It should be noted that using DVa from GitHub repositories should be reserved for those who have a certain technical knowledge base. In the case of dynamic analysis, the device in question will have to have ‘root’ privileges. We will have to wait to find out if this idea will end up becoming an application for all users.