Google made Android 13 available in the stable channel last week. The most recent version of Android includes sophisticated security features for enhanced defense against malware and other threats. Attackers, though, appear to have already circumvented the new security measures. Malware makers have been found developing a new exploit that gets around the limitations on accessibility services that Google imposed in Android 13.

Hackers are creating malicious software that can get beyond Android 13 security

Accessibility services make it simpler for apps to gain access to sensitive information, Android Police notes. As a result, they are one of the most popular gateways for Android malware. To lower the risk of infection, Google blocks access to accessibility services for sideloaded apps on Android 13. This is because malicious actors can deceive users into sideloading malware-filled programs that then request approval to use accessibility services.

However, because this is a legitimate Android service that developers use to make their apps more accessible, apps downloaded via the Play Store can still have access to this feature. Apps downloaded from reputable third-party app stores like the Amazon App Store are likewise exempt from this rule. These stores, according to Google, have security mechanisms in place to check for malware. Here, attackers have discovered a weakness.

Hackers from the Hadoken organization are creating Android malware that builds on existing malware, claims security research firm ThreatFabric. To get around Google’s accessibility service limitations, it comes in two pieces. First, hackers get users to download a dropper from a trusted app store. Because this dropper functions as its own app store, Google has decided to exclude it from the limitations. The dropper then installs the malicious payload on the victim’s device, and the accessibility service limitations do not apply to it.

Other ways around Google’s limitations on accessibility services for sideloaded apps already exist. Those workarounds, however, need more steps than this two-step dropper approach. All that attackers need to do is trick Android users into downloading the dropper, which is probably disguised as some productivity or utility app.

DO NOT PERMIT APPS ACCESS TO ACCESSIBILITY SERVICES

ThreatFabric reports that the Hadoken organization is still developing this malware. The research company calls the malware under development BugDrop. The same organization created the Android banking trojan Xenomorph and another malware dropper known as Gymdrop. Android's accessibility features are the common thread among the three malware efforts. Therefore, unless it is an accessibility app, do not give an app permission to use accessibility services while installing it. Additionally, don’t put shady programs on your device.
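One way to check a device against the advice above is to list every app with an enabled accessibility service together with the app that installed it. The following is an added example, not code from ThreatFabric or Google; it parses the output of the adb commands `settings get secure enabled_accessibility_services` and `pm list packages -i`, and the sample output, package names and trusted-installer list are constructed assumptions.

```python
# Added example: audit which apps hold an enabled accessibility service and
# which app installed them. Input is the text output of two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

# Assumption: installers this audit treats as trusted stores; adjust to policy.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

def parse_enabled_services(raw):
    """Return package names from the colon-separated ComponentName list."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pkgs = []
    for comp in raw.split(":"):
        pkg = comp.split("/", 1)[0].strip()
        if pkg and pkg not in pkgs:
            pkgs.append(pkg)
    return pkgs

def parse_installers(raw):
    """Map package -> installer from 'package:<name>  installer=<name>' lines."""
    out = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def audit(services_raw, packages_raw):
    """List (package, installer) for accessibility apps not from a trusted store."""
    installers = parse_installers(packages_raw)
    return [(p, installers.get(p)) for p in parse_enabled_services(services_raw)
            if installers.get(p) not in TRUSTED_INSTALLERS]

# Constructed sample output (the com.example.* package names are made up).
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.qrscanner/com.example.qrscanner.HelperService\n")
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.qrscanner  installer=com.example.filemanager
package:com.example.notes  installer=null
"""

if __name__ == "__main__":
    for pkg, installer in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg} (installed by {installer or 'unknown'})")
```

Preinstalled system apps usually report `installer=null`, so they show up in the review list alongside anything installed by another app on the device.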
