Posted on Wednesday June 10, 2020

Security researchers have discovered a new Android malware called DEFENSOR ID that snuck its way into the Google Play Store. Forensic analysis shows that the malware takes advantage of an Android device's Accessibility Services to infiltrate the system and cause damage without being detected. To help you avoid this dangerous strain of malware, we've compiled everything you need to know in this blog entry.

What is DEFENSOR ID?

DEFENSOR ID is a banking Trojan that minimizes its malicious capabilities to sneak past security checks and infiltrate the Google Play Store. The malware's primary function is to request access to an Android device's Accessibility Service, which would allow hackers to execute a variety of commands.

For starters, if unwitting users grant access to DEFENSOR ID, the malware can observe any launched apps and send sensitive information back to hackers. This means hackers can steal anything from passwords and private emails to banking information and one-time SMS activation codes for two-step verification processes.

DEFENSOR ID also allows hackers to remotely uninstall apps, launch programs, and perform gestures (e.g., tap, swipe, click) within the launched program. In theory, this feature can enable hackers to empty a victim's bank account with minimal effort.

What's more, the Trojan extends the lock screen timeout to 10 minutes so that cybercriminals have enough time to perform their malicious operations.

Beware of apps leveraging Accessibility Services

According to researchers, DEFENSOR ID targeted Brazilian users and was downloaded over a dozen times. But despite its small success rate, it's possible that more malware will leverage these techniques to steal sensitive information and control user devices. In fact, earlier in 2020, McAfee researchers discovered Android/LeifAccess malware that exploited Accessibility Services to leave fake reviews on the Google Play Store.

Plus, a common Android issue is that many independent software developers can upload their apps to the Google Play Store and easily circumvent security checks. So, if users aren't thoroughly vetting the apps they download onto their devices, attacks similar to DEFENSOR ID will become more widespread.

Malware that can abuse Accessibility Services may even give rise to more deceptive online scams or massive-scale data breaches that can shut down businesses.

How to defend against DEFENSOR ID

Developing a healthy skepticism of apps in the Google Play Store is the best way to prevent malware attacks like DEFENSOR ID. This involves training your staff to get in the habit of evaluating an app before downloading it. More specifically, they should be verifying whether user reviews seem authentic, checking the total ratings and downloads, and consulting with security experts whether an app is safe.

Businesses should also use endpoint security software to control what apps users can install on their company-registered devices. By limiting downloads to a few, fully verified apps, you can minimize your company's exposure to mobile malware.

If you want to keep your business safe from malware and other cyberthreats, it's in your best interest to call cybersecurity experts like us. Not only do we provide top-notch security solutions, but we also offer proactive maintenance services to protect your IT at all times.

Celebrating 35+ Years

Managed Computer Support Services

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016