Tag Archive for: ACCESSIBILITY.

Appdome unveils advanced Anti-Malware protections against Android accessibility service threats


Appdome, a leader in mobile application security, has announced its new anti-malware protections designed to detect Android Accessibility Service Malware. The protection targets threats such as Xenomorph, Brasdex, Octo, Sharkbot, Flubot, TeaBot, PixPirate, Sova, Spynote, and Joker. These are malicious software used in large scale attacks on mobile banking apps, crypto wallets, and other financial services apps.

Despite being created as an Android framework to aid disabled users with their mobile applications, Android’s Accessibility Service has quickly turned into a playground for fraudsters. Abusive individuals carry out cyberattacks by deploying malware that connects through Accessibility Service into sensitive applications, like banking and mCommerce platforms.

Appdome’s CEO Tom Tovar, shed light on the severity of the issue, saying, “Once the Accessibility Malware is on a user’s device, it can listen, collect, intercept and manipulate Android Accessibility Service events to perform harmful actions without the user’s knowledge.” Fraudsters often mimic human actions within the mobile app, such as harvesting login credentials and completing transactions. Advanced variants like BrasDex and Xenomorph even employ Automated Transfer Systems (ATS) malware, capable of executing end-to-end transactions without a user’s active involvement.

The overall threat this malware poses led to the development of the new defense, explained Tovar. “This is a difficult problem to solve. To support the community, we created a defence that allows legitimate use of Accessibility Service, while at the same time prevents ATS malware from using Accessibility Service for nefarious purposes.”

Appdome’s new Prevent Accessibility Malware feature includes numerous protective measures. These involve multiple detection methods for ATS Malware, detection of potential methods used by ATS Malware in the context of Accessibility Service, and setting Trusted Accessibility Services. This way, brands can recommend trustworthy Accessibility Service applications to users. To further bolster these measures, Appdome also included an Accessibility Service Consent feature that allows users to approve…

Source…

Preventing accessibility service malware


Android’s Accessibility Service, as well as a litany of similar programs, includes features designed to help disabled users utilize devices and apps.

These programs typically run in the background, and they receive system callbacks that allow them to react to accessibility action requests. Some of the most common examples include screen readers, speech-to-text and touch events. In the Philippines, where users prefer apps that provide seamless transactions and interactions, according to an Appdome report, accessibility services are essential to supporting the mobile app market.

However, although the Accessibility Service places the customer first, it has also been exploited by cybercriminals to deliver advanced forms of mobile malware. In fact, in neighboring Singapore, authorities recently warned of fake SMS texts directing victims to download an anti-scam app supposedly created by the national police. Once installed, mobile users would be prompted to allow the app access to the Accessibility Service, which could expose the infected device to remote takeovers and credential theft.

Attackers have found ways to exploit the Accessibility Service to gain unauthorized access to in-app events, steal sensitive information, hijack transactions and avoid detection. With the help of system callbacks and command and control functionality, they can effectively target more app makers with updated attack payloads. Numerous variants of malware that involve abuse of the Accessibility Service in some form or another include FluBot, BrasDex, Xenomorph, SOVA, SpyNote, Joker, Octo and BianLian.

The nuts and bolts

Accessibility services are enabled at the OS level, and they operate by translating user inputs and gestures into actions, speech and text by communicating system callbacks to the app. However, attackers can monitor, intercept and hijack these callbacks to perform various actions without the user’s knowledge or consent. For example, Accessibility Service Malware can gain access to a banking app’s transaction records and personal details by capturing users’ interactions.

Screen overlay and keylogging are two of the most…

Source…

Google Addresses Android’s Biggest Security Problem: Accessibility Services

  1. Google Addresses Android’s Biggest Security Problem: Accessibility Services  BleepingComputer
  2. Toast overlay being used by malicious Android apps to install additional malware  Android Police
  3. Google will remove apps that misuse Android Accessibility Services from Google Play  Help Net Security
  4. Android 8.1 Reduces Inactive App Sizes to Save Storage Space  XDA Developers
  5. Google will remove Play Store apps that use Accessibility Services for anything except helping disabled users  Android Police
  6. Full coverage

android security news – read more

Android security: Google cracks down on apps that want to use accessibility services

  1. Android security: Google cracks down on apps that want to use accessibility services  ZDNet
  2. Google Addresses Android’s Biggest Security Problem: Accessibility Services  BleepingComputer
  3. Toast overlay being used by malicious Android apps to install additional malware  Android Police
  4. Android 8.1 Reduces Inactive App Sizes to Save Storage Space  XDA Developers
  5. ITEMS TAGGED WITH ANDROID | HotHardware  HotHardware
  6. Full coverage

android security news – read more