A new cybercrime operation was found using a method that bypasses the “restricted settings” feature on Android devices to install malware capable of capturing on-screen text, obtaining permissions and stealing data.
A new cybercrime operation called “SecuriDropper” was found using a method that bypasses the “restricted settings” feature on Android devices to install malware and gain access to accessibility services.
The method used by the cybercriminals still works on Android 14. It uses the session-based installation API for malicious APK (Android Package) files, which installs them in several stages that include a “base” package and various “split” data files, a report by Bleeping Computer said.
The malware was found to infect Android devices by posing as a legitimate application, often a Google app, Android update, video player, security app or game, which lays the groundwork for delivering a second payload to the device. The second payload carries the malware.
The second phase of distributing the malware involves tricking users into clicking a “restored” button after displaying a fake error message about the installation of the APK file.
Once a device is infected, the malware can capture on-screen text, grant itself additional permissions and misuse accessibility settings to perform navigation actions remotely. The malware can also misuse the notification listener to steal one-time passwords.
Restricted settings were introduced in Android 13 and are designed to prevent side-loaded applications (applications that are not available on the Google Play Store and have been installed using APK files) from accessing powerful features such as accessibility settings and the notification listener. Malware misuses access to these features to compromise security on Android devices.
The cybercrime operation was also found to use an Android dropper-as-a-service. Android droppers neutralize the system's defenses and avoid detection of the malware during the download phase, before installing it. This helps the malware reach settings and permissions that it would otherwise be blocked from accessing.
To protect against such attacks, Android users are advised to avoid downloading APK files from unknown sources or from publishers they do not trust. Users can also examine the permissions given to installed apps and revoke them: go to Settings, select the app and review its permissions.
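The permission review described above can also be done from a computer over adb. The following is an added example, not code from the report: it flags non-system apps that hold accessibility or notification-listener access but were not installed by the Play Store. It assumes the four inputs were collected with `adb shell pm list packages -i`, `adb shell pm list packages -s`, and `adb shell settings get secure` for `enabled_accessibility_services` and `enabled_notification_listeners`; all package names and sample values are constructed.

```python
import re

# Assumption: only Google Play is a trusted installer; adjust to local policy.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample data in the format the adb commands print.
SAMPLE_PM = """package:com.android.chrome  installer=com.android.vending
package:com.example.videoplayer  installer=com.example.updater
package:com.example.updater  installer=null
package:com.google.android.marvin.talkback  installer=null
"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"
SAMPLE_A11Y = ("com.example.videoplayer/.HelperService:"
               "com.google.android.marvin.talkback/.TalkBackService")
SAMPLE_LISTENERS = "com.example.videoplayer/.NotifService"

def parse_installers(pm_output):
    """Map package name -> installer from `pm list packages -i` output."""
    pattern = re.compile(r"package:(\S+)\s+installer=(\S+)")
    matches = (pattern.match(line.strip()) for line in pm_output.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def parse_components(setting_value):
    """Return package names from a colon-separated ComponentName list."""
    value = setting_value.strip()
    if not value or value == "null":   # unset settings print "null"
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def audit(pm_output, system_output, accessibility, listeners):
    """List (package, installer, features) for side-loaded apps with access."""
    installers = parse_installers(pm_output)
    system = {l.strip()[len("package:"):] for l in system_output.splitlines()
              if l.strip().startswith("package:")}
    grants = {}
    for feature, value in (("accessibility", accessibility),
                           ("notification_listener", listeners)):
        for pkg in parse_components(value):
            grants.setdefault(pkg, []).append(feature)
    findings = []
    for pkg in sorted(grants):
        installer = installers.get(pkg, "null")
        if pkg not in system and installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer, grants[pkg]))
    return findings

if __name__ == "__main__":
    for pkg, src, feats in audit(SAMPLE_PM, SAMPLE_SYSTEM, SAMPLE_A11Y, SAMPLE_LISTENERS):
        print(f"REVIEW {pkg}: installed by {src}, holds {', '.join(feats)}")
```

A flagged package is a prompt to review and revoke access in Settings, not proof of infection; legitimately side-loaded tools will also appear.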