Light Dark
May 26, 2020 By David Bisson 2 min read

Security researchers uncovered a new Android malware strain called “DEFENSOR ID” that channels its malicious activity through a device’s Accessibility Services.

In its analysis, ESET observed DEFENSOR ID had succeeded in infiltrating the Google Play store, sneaking past mobile security checks by reducing its malicious functionality to a single action: requesting access to a device’s Accessibility Services. This privilege enabled the malware to perform 17 commands received from the attacker, including launching an app and performing a click action remotely instructed by its handlers.

By controlling a device’s Accessibility Services, DEFENSOR ID gave attackers the ability to steal access to and subsequently empty a victim’s cryptocurrency wallet or banking account. This privilege also gave malicious actors the ability to read SMS text messages for the purpose of intercepting a victim’s two-step verification (2SV) code in the event that they had enabled this security feature on their account.

Android Malware Abusing Accessibility Services

DEFENSOR ID isn’t the first Android malware to abuse Accessibility Services in 2020. In March, for instance, McAfee witnessed the Android/LeifAccess.A Trojan exploiting this Android feature to infect a device and post fake reviews on Google Play.

In April 2020, Check Point Research observed the Black Rose Lucy malware family using a fake streaming video optimization (SVO) prompt to trick a victim into granting access to their device’s Accessibility Services. Just a couple of days later, Cybereason detailed the efforts of EventBot to steal user data from financial apps by leveraging Accessibility Services.

Defend Against DEFENSOR ID

Security professionals can help defend their organizations against Android malware such as DEFENSOR ID by creating security policies around the use of mobile devices. Those policies should limit the marketplaces and developers from which employees can download apps onto their corporate devices. Teams should also consider leveraging tools powered by artificial intelligence (AI) to help detect the latest threat behaviors circulating in the wild.

 |  |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature