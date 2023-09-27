Appdome Releases New Defenses to Combat Accessibility Malware

September 2023 by Marc Jacob

Appdome announced new mobile anti-malware protections that detect Android Accessibility Service Malware such as Xenomorph, Brasdex, Octo, Sharkbot, Flubot, TeaBot, PixPirate, Sova, Spynote, Joker and more. These malware are used to carry out large scale, distributed attacks on mobile banking apps, crypto wallets, and other financial services apps.

Accessibility Service is the Android framework designed to allow mobile applications for individuals who are disabled to interact with all applications on an Android device. Unfortunately, Accessibility Service is now the target of abuse by fraudsters and others, who use malware to connect through Accessibility Service into banking and other mCommerce applications. Once the Accessibility Malware is on a user’s device, it can listen, collect, intercept and manipulate Android Accessibility Service events to perform harmful actions on behalf of users without their knowledge, often mimicking human actions within the mobile app, such as harvesting login credentials and completing transactions. Two of the most advanced variants focus on Android banking apps - BrasDex in Latin America and Xenomorph in the U.S. and Europe use Automated Transfer Systems (ATS) malware. ATS malware can complete end-to-end transactions – without a user being involved.

Appdome’s new Prevent Accessibility Malware feature includes:

Detection of ATS Malware using dozens of methods.

Detection of ATS Malware methods, such as Overlay and Keylogging in the context of Accessibility Service

Set Trusted Accessibility Services, so brands can identify the Accessibility Service applications recommended to their users.

To supplement Trusted Accessibility Services, Appdome has included an Accessibility Service Consent that allows mobile end users to accept specific Accessibility Services applications to be used with their applications.

Appdome’s Cyber Defense Automation platform for mobile apps empowers developers and cyber teams to seamlessly build protections against Accessibility Service Malware directly into any mobile app, all from within the DevOps CI/CD pipeline with no code or coding required.