Security researchers have discovered a new Android malware called DEFENSOR ID that snuck its way into the Google Play Store. Forensic analysis shows that malware takes advantage of Android devices’ Accessibility Services. It infiltrates the system and causes damage without being detected. To help you avoid this dangerous strain of malware, we’ve compiled everything you need to know.
What is DEFENSOR ID?
DEFENSOR ID is a banking Trojan that minimizes its malicious capabilities. They tend to sneak past security checks and infiltrate the Google Play Store. The malware’s primary function is to request access to accessibility services, which allows hackers to execute commands.
For starters, if unwitting users grant access to DEFENSOR ID, the malware can observe any launched apps. It also can send sensitive information back to hackers. This means hackers can steal anything from passwords, private emails, and bank information.
DEFENSOR ID also allows hackers to remotely uninstall apps, launch programs, and perform gestures. In theory, this feature can enable hackers to empty a victim’s bank account with minimal effort.
What’s more, the Trojan extends the lock screen timeout to 10 minutes to perform its malicious operations.
Android malware: Beware of apps leveraging Accessibility Services
According to researchers, DEFENSOR ID targeted Brazilian users and was downloaded over a dozen times. But despite its small success rate, it’s possible that more malware will leverage these techniques. They'll continue to steal sensitive information and control user devices. In fact, earlier in 2020, McAfee researchers discovered Android/LeifAccess malware that exploited Accessibility Services. This, in fact, left many fake reviews on the Google Play Store.
Plus, a common Android issue is that many independent software developers can upload their apps to the Google Play Store. So, if users aren’t thoroughly vetting the apps they download onto their devices, attacks will become more widespread.
Malware that can abuse Accessibility Services may even give rise to more deceptive online scams or data breaches.
How to defend against DEFENSOR ID Android malware
Developing a healthy skepticism of apps is the best way to prevent malware attacks. This involves training your staff to get in the habit of evaluating an app before downloading it. More specifically, they should verify whether user reviews seem authentic and consult with security experts about safety.
Businesses should also use endpoint security software to control what apps users can install on their company-registered devices. By limiting downloads to a few, fully verified apps, you can minimize your company’s exposure to mobile malware.
It’s in your best interest to call cybersecurity experts like us. Not only do we provide top-notch security solutions, but we also offer proactive maintenance services to protect your IT at all times.