Attackers are developing malware that can bypass Android 13 security

As Android Police notes, accessibility services make it easier for apps to gain access to private data, which makes them one of the most used gateways for Android malware. To reduce malware risks, Google doesn’t give sideloaded apps access to accessibility services on Android 13, because bad actors may trick users into sideloading malware-laden apps that ask for accessibility services permission.

According to security research firm ThreatFabric, hackers in the Hadoken group are developing Android malware that builds on older malware. It comes in two parts to bypass Google’s accessibility services restrictions. First, attackers get users to install a “dropper” from a legitimate app store. This dropper acts like an app store of its own, so Google exempts it from the restrictions. It then installs malware on the victim’s device, and that malware is not subject to the restrictions on accessibility services.

There are already workarounds to Google’s restrictions on accessibility services for sideloaded apps. However, those workarounds are more complex than this two-step dropping of malware. Attackers simply need to trick Android users into downloading the “dropper”, which will likely be disguised as a productivity or utility app.

Avoid granting apps access to accessibility services

According to ThreatFabric, the Hadoken group is still working on this malware project. The research firm is calling the in-development malware “BugDrop”. The same group also developed the Android banking trojan Xenomorph and another dropper malware called Gymdrop. The common link between the three malware projects is Android’s accessibility services. So whenever you install an app, don’t grant it permission to use accessibility services unless it is an accessibility app. Also, avoid installing untrusted apps on your device.