Malware developers have found defects in the latest version of Android 13, which was recently released with a promise of increased privacy and security.
Security researchers at Threat Fabric found that the ‘Accessibility Services’ can be manipulated by threat actors. Cybercriminals could use a ‘dropper’ to partially disable the ‘Accessibility Feature’. To enable the features again, users may have to perform specific tasks that require them to input their passwords.
On their official blog, Threat Fabric said they successfully bypassed the ‘Restricted Settings’ in the second Proof of Concept (PoC) application. This points towards the vulnerability of the Android 13 version.
Referring to the latest update, the researchers said, “Although introduced changes can protect users from certain malware on the new version of Android, we believe that most of the actors will quickly adapt to the restrictions with a slight change in their MO until a stricter approach will be introduced.”
The blog post further pointed towards cybercriminals using a sort of ‘On-Device Fraud’ (ODF) capability that poses a threat to banking credentials on a user’s device. Cybercriminals use Android banking malware with ODF capabilities. Threat Fabric witnessed a 40% increase in ODF malware use in the first quarter of this year.
Further need for improvement in Android 13
In a statement on Android’s blog, the developers of Android said, “Privacy is core to Android’s product principles, and Android 13 focuses on building a responsible and high-quality platform for all by providing a safer environment on the device and more controls to the user.” While Android developers gave assurances that they had introduced updates to make the operating system more secure, the research confirms that malware creators could create a strategy to bypass the latest security measures by Google.
Android 13 to be rolled out to multiple devices
Android 13 was rolled out to Pixel devices on August 15 and is set to be rolled out to more brands like Asus, Motorola, Nokia, Samsung Galaxy, Sony, Vivo, Xiaomi and others. The source code of this version can be found on AOSP. The research shows how threat actors can work around the latest developments.