SecuriDropper, a new dropper-as-a-service (DaaS) cybercrime operation, can apparently bypass Android’s Restricted Settings to install malware and gain access to Accessibility Services.
Restricted Settings was introduced with Android 13 to prevent APK files and apps that didn’t come from the Google Play Store from gaining access to crucial Android features like Accessibility settings and Notification Listener, two of the features most abused by malware.
Gaining access to the Accessibility settings allows hackers to capture on-screen text (e.g. when you type passwords), grant themselves additional permissions, and more. Meanwhile, gaining access to Notification Listener allows hackers to see one-time passwords (OTPs) sent to your device.
As early as August 2022, it was reported that malware developers were adapting their tactics to the new Android security feature via a new dropper called BugDrop.
It works by using a session-based installation API for malicious APK files, which installs the app in a couple of steps that include a “base” package and different “split” data files.
When this API is used in lieu of the non-session method, Restricted Settings is bypassed, and users are not presented with the “Restricted Settings” pop-up that would have allowed them to block the malware’s access to crucial permissions.
BleepingComputer checked and confirmed that the same vulnerability persists on Android 14.
The bottom line: to stay safe, only download apps directly from the Google Play Store or from trusted sources.
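To check a device for what the article describes, the added example below (not from the original article or from BleepingComputer) lists apps that hold Accessibility or Notification Listener access but were not installed by the Play Store. It assumes `com.android.vending` is the only trusted installer; the sample text and the `com.example.*` package names are constructed.

```python
# Inputs: text captured with `adb shell pm list packages -i` and with
# `adb shell settings get secure enabled_accessibility_services` /
# `adb shell settings get secure enabled_notification_listeners`.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only
# Constructed sample output, not from a real device.
SAMPLE_PM = """\
package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.android.vending
package:com.example.updater  installer=com.example.dropper
package:com.example.dropper  installer=null
"""
SAMPLE_A11Y = "com.example.updater/.Svc:com.example.reader/com.example.reader.ReadAloud"
SAMPLE_NLS = "com.example.updater/.Listener"

def parse_installers(pm_output):
    """Map package name -> installer of record from `pm list packages -i`."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = "null"  # no installer recorded
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def parse_components(setting_value):
    """Package names from a colon-separated list of package/class entries."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def audit(pm_output, accessibility, listeners):
    """Return (package, installer, grants) for apps not from a trusted installer."""
    installers = parse_installers(pm_output)
    grants = {}
    for name, value in (("accessibility", accessibility), ("notification_listener", listeners)):
        for pkg in parse_components(value):
            grants.setdefault(pkg, set()).add(name)
    return [(pkg, installers.get(pkg, "unknown"), sorted(grants[pkg]))
            for pkg in sorted(grants)
            if installers.get(pkg, "unknown") not in TRUSTED_INSTALLERS]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PM, SAMPLE_A11Y, SAMPLE_NLS):
        print(finding)
```

Preinstalled system apps can also report `installer=null`, so findings need review against the device's factory image before being treated as suspicious.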
Via: Bleeping Computer