A new cybercrime operation named “SecuriDropper” was found using a method that bypasses the “Restricted Settings” feature in Android devices to install malware and obtain access to Accessibility Services.
The method used by cybercriminals is still present in Android 14 and uses session-based installation API for the malicious APK (Android package) files, which installs them in multiple steps, involving a “base” package and various “split” data files, a report from Bleeping Computer said.
The malware was found to infect Android devices by using legitimate apps, often impersonating a Google app, Android update, video player, security app or a game to lay the groundwork for a second payload to be delivered to devices. The second payload carries the malware.
The second stage of delivering the malware includes deceiving users by prompting them to click on a “Reinstall” button after displaying a fake error message about the APK files installation.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Once infected, the malware can abuse the Accessibility settings to capture on-screen text, granting additional permissions, and performing navigation actions remotely. The malware can also abuse the Notification Listener to steal one-time passwords.
Restricted Settings was introduced in Android 13 and is designed to prevent side-loaded applications (applications that are not available on Google Platy Store and are installed using APK files) from accessing powerful feature like the Accessibility settings and Notification Listener. Access to these features is commonly abused by malware to compromise the security on Android devices.
The cybercrime operation was also found to be using Android Dropper-as-a-Service. Android Droppers impede malware detection at the downloading stage and neutralise the system’s defences before installing the malware. This helps the malware access settings and permissions, it would otherwise be barred from accessing.
To protect against such attacks, Android users are advised to avoid downloading APK files from unknown sources or publishers they do not trust. Users can further check the permissions granted to installed apps and revoke them. Users can access permission settings by going to Settings then App, selecting the app and reviewing app permissions.