Google officially announced the latest Android version this week and made it available for its Pixel phones. Other manufacturers have yet to roll out the update, but it might be better to wait a little longer. Hackers have already managed to circumvent a new security measure in Android 13, according to a security company.
Accessibility in Android
It’s the again accessibility functionality (Accessibility Service) in Android that these malware creators have taken advantage of. That’s what security company says ThreatFabric. This feature is intended for visually impaired people. For example, this allows Android to read text aloud and transcribe speech in text, lowering the barrier to mobile phone use for visually impaired users.
In 2017, Google already took steps to ban apps that use this option for other reasons from the Play Store. Unfortunately, this feature is still widely abused. “We are facing a pandemic of Android malware that abuses accessibility,” security firm said Security Research Labs on last year. The abuse is mainly aimed at stealing bank details.
That is how it works
The accessibility functionality includes an overlay feature that malware creators use to run their malware on top of another app. This way they can steal entered login details. An example is SharkBot which performs what is known as an “overlay attack” as soon as it detects an active banking app. It then comes up with a screen similar to that of your bank, through which you enter your login details without realizing it and thus give them away to the hackers. The hackers can take money from your bank account this way. SharkBot is a trojan that nests in apps that are in the Play Store and can thus cleverly circumvent Google’s security measures.
Google has taken action with Android 13 to limit the number of permissions that apps ask. Android 13 now includes a so-called restricted setting which prevents apps downloaded outside of the Play Store (known as sideloading) from requesting access to accessibility functionality. Now these kinds of apps can still request permission by means of a session-based installation. A regular installation via the Play Store is simulated, as it were, so that Android 13 does not consider it sideloading.
ThreatFabric has already discovered that the malware makers have come a long way in abusing this feature in Android 13. They expect that it will not be long before the first banking trojan is active on phones with Android 13.
Through Security.nl
– Thanks for information from Androidworld. Source