Tag

Accessibility Service

All articles tagged with #accessibility service

cybersecurity, 1 year ago

"Anatsa Android Malware Spreads to Millions of Samsung Galaxy Users via Google Play"

The Anatsa banking trojan has infected at least 150,000 Android devices in Europe through dropper apps hosted on Google Play, targeting specific geographic regions and using tactics to bypass security measures. The malware has evolved to abuse Android’s Accessibility Service and employs a multi-staged infection process. Google has removed most Anatsa dropper apps from the store, but the total number of downloads is expected to increase. Android users are advised to scrutinize app permissions and avoid downloading apps from unfamiliar publishers to protect against potential malware threats.

cybersecurity, 2 years ago

"Chameleon Android Trojan: Stealing PINs by Bypassing Biometric Authentication"

A new variant of the Android banking malware called Chameleon has been discovered, expanding its targeting to users in the U.K. and Italy. This evolved version of Chameleon excels in executing Device Takeover (DTO) using the accessibility service and is now being delivered via Zombinder, a dropper-as-a-service. The malware masquerades as the Google Chrome web browser and tricks users into enabling the accessibility service by checking the Android version on the device. It also disrupts biometric operations by transitioning the lock screen authentication mechanism to a PIN, allowing the malware to unlock the device at will. This development highlights the sophisticated and adaptive nature of the Android threat landscape.

cybersecurity, 2 years ago

Beware of Chameleon Android malware stealing financial information.

Cybersecurity firm Cyble has discovered a new Android trojan called Chameleon, which has been targeting users in Australia and Poland since the start of the year. The malware mimics the CoinSpot cryptocurrency exchange, an Australian government agency, and the IKO bank. Chameleon includes a wide range of malicious functionality, including stealing user credentials through overlay injections and keylogging, as well as stealing cookies and SMS texts from the infected device. The malware performs a variety of checks to evade detection by security software and requests permission to use the Accessibility Service, which it abuses to grant itself additional permissions, disable Google Play Protect, and stop the user from uninstalling it.