Report: Ayaan Khan

New Technology Detects Hidden Malware on Your Android Phone

Published on: April 8, 2025

Georgia Tech researchers created a program called Detector of Victim-specific Accessibility (DVa) to detect malware that exploits phone accessibility capabilities. Malware can use these capabilities to read on-screen text and execute illegal operations, resulting in serious repercussions. Malware is often installed when a user clicks on a phishing link or unintentionally opens malicious software, and it has the potential to infect sensitive apps such as bitcoin wallets and ridesharing services. DVa runs in the cloud and sends the user a report that shows which apps are malware and how to remove them. It also submits a report to Google for further investigation. The challenge is to ensure that eradicating malware does not impair accessibility.

New Technology Detects Hidden Malware

A new tool developed by researchers can identify malware that takes advantage of phone accessibility features and assist users in removing it.

People with impairments can now use cellphones more easily thanks to accessibility tools like voice-to-text and screen readers. But hackers can also take advantage of these same technologies.

Accessibility services can be used by malware to read material on the screen and carry out illegal operations, like pressing buttons, authorizing transactions, or even thwarting attempts to uninstall the infection. Serious repercussions, such as illegal transfers from banking apps or enduring infections that are challenging to remove, may occasionally result from this.

Malware is often downloaded when a user unintentionally installs malicious software or clicks on a phishing link, even from places that appear to be trustworthy, like the Google Play Store. Once installed, it has the ability to hack critical apps, such as ridesharing platforms that hold payment information and cryptocurrency wallets.

A new malware-checking tool called Detector of Victim-specific Accessibility (DVa) was created by Georgia Tech researchers. DVa uses the cloud to scan the phone for malware, and it then provides the user with a report that identifies the malicious apps and explains how to remove them.

The report also tells users which victim apps the malware targeted and how to get in touch with those businesses to inquire about any damages. DVa also reports this malware to Google, which tries to remove it from programs.

Brendan Saltaformaggio, an associate professor in the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computer Engineering, stated that “security professionals must be there in the room as we continue to develop systems that are increasingly accessible. Because if we don’t, hackers will take advantage of them.”

Simulating Malware

The researchers installed malware on five Google Pixel phones to assess the susceptibility of smartphones to this kind of hack. The Georgia Tech researchers teamed up with Netskope, a leader in network, data, and cloud security, to help shield devices worldwide from this kind of potent malware. The sample malware was then loaded on each phone to observe how it affected the system, and the behavior was reported using DVa.

The researchers point out that although DVa is capable of identifying contemporary threats, it can be difficult to make sure that eliminating malware doesn’t also eliminate accessibility.

Haichuan (Ken) Xu, a Ph.D. candidate in SCP, stated, “In the future, we need to look at how accessible services work generally to find out what’s really different from a benign use and a malicious use.”

Reference: “DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware” https://www.usenix.org/system/files/sec24summer-prepub-136-xu-haichuan.pdf by Haichuan Xu, Mingxuan Yao, Runze Zhang, Mohamed Moustafa Dawoud, Jeman Park and Brendan Saltaformaggio.
