Android 13: malware is already bypassing new security features

Hackers have already found ways to bypass Android’s new security mechanisms, which are designed to stop this type of malware, using new malware. The malware that accomplished this feat mimics an app store to bypass restrictions.

Security investigators from fraud detection companies

ThreatFabric has discovered the new vulnerability in a blog post.
According to the post, a malicious app can masquerade as an app store and thus bypass the new Android 13 security measures.

As reported by Android Police,
This new exploit builds on older malware that uses Android login services to facilitate access to private data, passwords, and more.

Unlike previous versions of Google’s mobile operating system, Android 13 no longer allows externally loaded apps to request access to the smartphone’s accessibility services. The user must first activate this via the app info screen. However, Google could remove that before the general release of Android 13.

The reason Google has decided to make it difficult for externally downloaded apps to access access services is the fact that malicious apps and other malware often request additional permissions during installation. Now, if you download an app outside of an official app store, it will be more difficult for that app to access your contacts to spam or appear in other apps.

Security function blessing and cursing at the same time

However, there is a catch, as many people rely on access services to make better use of their devices. Any apps downloaded from the Play Store or third-party app stores such as F-Droid or the Amazon App Store are exempt from this restriction. That makes sense, but also the crux at the same time.

The Hadoken group of malware developers is now taking advantage of this vulnerability in the form of a new exploit called BugDrop. The exploit itself consists of two parts, with the first part installing an “eyedropper” application that functions as an app store on the victim’s device. From here, a session-based package installation API is used to install another application containing malware.

Fortunately, as ThreatFabric reports, this malware is still in its infancy and still very error-prone. However, it could already be used to infect smartphones with malware once more phone manufacturers roll out their Android 13 updates.

How to protect yourself from malicious software on your smartphone

First of all, you should not load apps on your Android smartphone but download them from the official app stores. But here too, read the reviews – there are also black sheep in official stores.

Enabling Google Play Protect on your devices is another way to protect yourself, as Google’s own Android antivirus app scans all the apps you’ve installed for malware and other threats.

When it comes to permissions, beware of any app that asks for permissions it doesn’t really need, like the ability to draw on top of other apps. Apps that require access to Android access settings should also be used with special caution. You should also remove apps that you have not used for a long time.

Pareo:

You Should Remove These Android Apps Immediately: Play Store Malware