Android 13: malware already bypasses new security measures

Android 13 strengthens system security by making it more difficult for apps to allow access to accessibility options, but hackers have already found a way to bypass this layer of security.

The official release of Android 13 took place a few days ago and the update is starting to roll out to the first compatible smartphones, including the Google Pixel. If this version brings fewer new features than its predecessor, which had introduced many design changes, Android 13 will at least strengthen the security of the system. But it seems that hackers have already taken a step ahead of Google.

A group of hackers known as Hadoken is indeed developing malware capable of bypassing the new security measures available to Android 13, reports ThreatFabric. Like others before it, the malware exploits vulnerabilities in various accessibility services in order to achieve its purpose, namely to steal the user’s personal data.

Android 13: accessibility options remain a weak point

Android 13 makes it harder to access accessibility options for apps. To circumvent this limitation, the new malware acts in two stages. First, a first application is installed by the victim. Then it uses the same package installation API as the Play Store to actually install the malware on the terminal, this time without the restrictions on enabling accessibility services. The user is therefore less protected and more inclined to grant permissions to the malware.

The threat has not yet reached its full potential, as the malware is still prone to bugs. The security researcher who discovered it named it “BugDrop”. But it is still only at a primitive stage of its development and should strengthen and become more effective soon, given the expertise of the Hadoken group, also the origin of the Xenomorph banking malware, hidden in an app battery optimization.

Source: ThreatFabric