Published: October 04, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
The battle between cybersecurity experts and malware creators continues. The threat of malware is a serious one and continues on an upward trend. Passwords and private data continue to be prime targets for hackers. There's more bad news for users of the latest Android version, lucky number 13. It appears that hackers are already exploiting a loophole in the security features of the popular Android operating system that just received the update.
Google is aware of the threat posed by sideloading apps, and the latest version of the Android OS (version 13) no longer allows these apps to request access to accessibility services, which are often the source of vulnerabilities. Users can still allow access, should they desire, but the workaround is tremendously complex by design.
The issue of sideloaded apps, which are apps available from third-party sites, is one that Google is keen to prevent by encouraging users to only use the vetted apps available from the Play Store. Those apps will ask permission from the users before using accessibility services, a process that is often ignored by app providers outside of Google's approved app environment, which includes stores such as F-Droid or the Amazon App Store.
The problem is that Google is loath to institute an outright ban on apps that need to use accessibility services. That’s because they can be genuinely useful and app stores are usually careful about which apps they allow. But as we know, not all intentions of app developers are good.
However, this state of affairs has seen hackers take advantage of the exemption. For instance, hackers in the Hadoken Group are building increased functionality based on mature malware that takes advantage of the accessibility services. The malware has two components. The first part is the “dropper” that is packaged with an app. The dropper delivers malware that circumvents the accessibility restrictions so that it can be installed.
This malware is still maturing and has a number of bugs (one of the reasons it has been named BugDrop by Android security experts at ThreatFabric), but users can be certain it will evolve quickly. While the researchers don’t see it being too active at the moment due to its undesired features, you can bet it’ll be on the charge soon.
Fortunately, there are ways to avoid downloading malware. Users should avoid granting an app permission to use accessibility services if the app doesn’t need them. This is true for any app that is downloaded, regardless of the source. Also, stick to those apps that are part of the Google-approved app ecosystem, such as the Play Store or Amazon App Store. And while you’ve probably heard that mobile devices are not as susceptible to viruses and malware as your laptop or desktop, they are still vulnerable and the risks are only increasing. So, install an anti-virus app on all mobile devices and set it to auto-update so it’s always on top of the latest threats.
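One way to check the advice above on a device you manage, as an added example that is not part of the original article: the script lists enabled accessibility services whose package was not installed by a trusted store. It assumes the two inputs were captured with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the sample values and package names below are constructed.

```python
import re

# Installer package names treated as vetted stores. Assumption: only Google
# Play is listed here; add the installer names of other stores you trust.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def parse_services(setting_value):
    """Split the colon-separated enabled_accessibility_services value."""
    value = setting_value.strip()
    if not value or value == "null":  # "null" means no service is enabled
        return []
    return [c for c in value.split(":") if "/" in c]

def audit(setting_value, pm_output, trusted=TRUSTED_INSTALLERS):
    """Return (package, service, installer) for services from untrusted sources."""
    installers = parse_installers(pm_output)
    findings = []
    for component in parse_services(setting_value):
        package, service = component.split("/", 1)
        installer = installers.get(package, "unknown")
        if installer not in trusted:
            findings.append((package, service, installer))
    return findings

# Constructed sample data (not taken from a real device).
SAMPLE_SETTING = ("com.example.reader/.ReaderService:"
                  "com.example.qrscan/com.example.qrscan.HelperService")
SAMPLE_PM = """\
package:com.example.reader  installer=com.android.vending
package:com.example.qrscan  installer=null
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, svc, inst in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {pkg} ({svc}) installed by {inst}")
```

Preinstalled system packages can also report `installer=null`, so treat the output as a list of apps to review rather than a verdict.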