Researchers have identified a new Android malware strain that carries out its malicious activity through Android devices' Accessibility services. The strain is called DEFENSOR ID.
Researchers have reported that DEFENSOR ID succeeded in infiltrating the Google Play Store. By reducing its malicious functionality to a single action, requesting access to a device's Accessibility services, it managed to sneak past the mobile's defense systems. With this privilege, the malware can perform 17 harmful commands received from the attacker, including launching an app and performing a click action as instructed by its handlers.
DEFENSOR ID gives threat actors the ability to steal access to their victim's cryptocurrency wallet or banking account by controlling the device's Accessibility services. The malware also gives the attacker access to the victim's SMS text messages, so it can intercept the victim's two-way verification process, if they are using this feature.
However, this is not the first malware to abuse a device's Accessibility services. Earlier this year the digital world witnessed Android/LeifAccess, a Trojan that exploits this Android feature to infect a device and post fake reviews on the Google Play Store.
In April, malware from the Black Rose Ruby family was observed using a fake streaming video optimization prompt to trick victims into allowing access to their device's Accessibility services. In another breach, EventBot was used to steal data from users' financial apps by leveraging Accessibility services.
Safeguarding against DEFENSOR ID
IT and security teams can help protect their organizations against Android malware such as DEFENSOR ID by establishing security policies around employees' use of mobile devices. The policies should clearly restrict the marketplaces and developers from which employees can download applications onto their corporate-issued devices. Teams should also consider upgrading their security to a more dependable antivirus tool that can help them detect the latest threats from the digital world.
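One way a team could check a corporate device against such a policy is sketched below. This is an added example, not from the researchers' report: it parses the output of the Android shell commands "settings get secure enabled_accessibility_services" and "pm list packages -i", and flags every app holding Accessibility access that is not on an allowlist. The allowlists, package names and sample output are constructed assumptions.

```python
# Added example. Inputs are the text output of two Android shell commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# Allowlists and sample data below are constructed assumptions.
APPROVED_A11Y = {"com.google.android.marvin.talkback"}
APPROVED_INSTALLERS = {"com.android.vending"}

SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.secureid/.HelperService:"
               "com.example.videoboost/com.example.videoboost.BoostService")
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.secureid  installer=com.android.vending
package:com.example.videoboost  installer=null
"""

def parse_a11y(setting):
    """Return {package: [service classes]} from the colon-separated setting."""
    services = {}
    value = setting.strip()
    if value and value != "null":
        for component in value.split(":"):
            pkg, _, cls = component.partition("/")
            if pkg:
                services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(listing):
    """Return {package: installer or None} from 'pm list packages -i' output."""
    installers = {}
    for line in listing.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        src = next((f.split("=", 1)[1] for f in fields[1:]
                    if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = None if src == "null" else src
    return installers

def audit(setting, listing):
    """List (package, installer, reason) for every unapproved a11y holder."""
    installers = parse_installers(listing)
    findings = []
    for pkg in sorted(parse_a11y(setting)):
        if pkg in APPROVED_A11Y:
            continue
        src = installers.get(pkg)
        reason = "accessibility service not on allowlist"
        if src not in APPROVED_INSTALLERS:
            reason += "; installer not approved"
        findings.append((pkg, src, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(finding)
```

The check flags an unapproved Accessibility holder even when it was installed from an approved store, since DEFENSOR ID was itself distributed through Google Play.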