New tool can detect malware on Android smartphones

Screen readers, voice input, and other accessibility features have made it possible for people with disabilities to use smartphones. However, these same features also make mobile phones more accessible to hackers.

Malware uses these accessibility tools to read your screen and make you click things you shouldn’t. This has dire consequences, such as large transfers from banking apps and preventing malware uninstallation. All a user has to do is click on a phishing link or download the wrong app on the Google Play Store to install malware on their phone. That leaves everything vulnerable, from cryptocurrency apps to ride-sharing apps with credit cards stored in virtual wallets.

Georgia Tech researchers have developed a new tool that can check for malware: the Victim-Specific Accessibility (DVa) Detector. DVa runs on the cloud and checks your phone for this malware and sends you a report of its findings showing which apps are malware and how to remove them. It also tells you which victim apps the malware is targeting and how to contact those companies to verify the damage. DVa also sends a report to Google so the company can try to eradicate the malware from the app.

“As we continue to design increasingly accessible systems, we also need security professionals,” said Brendan Saltaformaggio, associate professor in the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computer Engineering. said. “If you don’t, hackers will take advantage of it.”

Malware modeling

To determine how vulnerable smartphones are to this type of hack, the team set up five Google Pixel smartphones and ran a malware analysis. Georgia Tech researchers have teamed up with Netskope, an industry leader in cloud, data, and network security, to help protect your smartphone from this type of powerful malware wherever you go. We then installed a piece of sample malware on each phone to see how the system malfunctioned and reported this behavior using DVa.

Although DVa can detect current attacks, the challenge is to ensure that accessibility is not lost when the malware is removed, the researchers note.

“In the future, we need to examine how accessibility services work as a whole to understand the fundamental difference between benevolent and malicious use,” said Ken Xu, Ph.D. I am. SCP student.