Accessibility Service is the Android framework designed to allow mobile applications for individuals who are disabled to interact with all applications on an Android device.
Appdome, the provider for mobile app defense, today announced new mobile anti-malware protections that detect Android Accessibility Service Malware such as Xenomorph, Brasdex, Octo, Sharkbot, Flubot, TeaBot, PixPirate, Sova, Spynote, Joker and more. These malware are used to carry out large scale, distributed attacks on mobile banking apps, crypto wallets, and other financial services apps.
Accessibility Service is the Android framework designed to allow mobile applications for individuals who are disabled to interact with all applications on an Android device. Unfortunately, Accessibility Service is now the target of abuse by fraudsters and others, who use malware to connect through Accessibility Service into banking and other mCommerce applications. Once the Accessibility Malware is on a user’s device, it can listen, collect, intercept and manipulate Android Accessibility Service events to perform harmful actions on behalf of users without their knowledge, often mimicking human actions within the mobile app, such as harvesting login credentials and completing transactions. Two of the most advanced variants focus on Android banking apps - BrasDex in Latin America and Xenomorph in the U.S. and Europe use Automated Transfer Systems (ATS) malware. ATS malware can complete end-to-end transactions – without a user being involved.
“This is a difficult problem to solve,” said Tom Tovar, co-creator and CEO of Appdome. “To support the community, we created a defense that allows legitimate use of Accessibility Service, while at the same time prevents ATS malware from using Accessibility Service for nefarious purposes.”
Appdome’s new Prevent Accessibility Malware feature includes:
- Detection of ATS Malware using dozens of methods.
- Detection of ATS Malware methods, such as Overlay and Keylogging in the context of Accessibility Service
- Set Trusted Accessibility Services, so brands can identify the Accessibility Service applications recommended to their users.
- To supplement Trusted Accessibility Services, Appdome has included an Accessibility Service Consent that allows mobile end users to accept specific Accessibility Services applications to be used with their applications.
“In this age of digitization, we have to provide safe and secure mobile application experiences for all mobile end users,” said Richard Stiennon, Chief Research Analyst of IT-Harvest. “The Android Accessibility Malware attack vector is one such case that demands an extra layer of defense.”
Appdome’s Cyber Defense Automation platform for mobile apps according to the company, empowers developers and cyber teams to seamlessly build protections against Accessibility Service Malware directly into any mobile app, all from within the DevOps CI/CD pipeline with no code or coding required.