Hackers already know how to infect Android 13. Google does not get rid of its biggest vulnerability


It has been just 8 days since the final version of Android 13 arrived, a release with many under-the-hood changes related to permissions and security, although this may not be enough. The accessibility permission is Android's main Trojan horse: apps can fully control our device using it.

As ThreatFabric reports, work is already under way on a Trojan capable of bypassing the new limitations Android 13 places on this permission. The accessibility permission has been behind notorious cases such as Flubot, the Trojan behind the SMS scam. This new malware works in an even more sophisticated way, but is based on the same principle.

The accessibility permission keeps causing problems


The accessibility permission, as its name suggests, is an Android tool designed so that users with certain disabilities can interact with the phone. Once this permission is activated, the app can see, touch and collect all the data on the screen. In other words, it can have full control over the phone, since the original purpose is for the app to perform basic tasks that the user cannot. Although it was created for a good purpose, the permission is more than dangerous for security.

To try to partially solve the problem, Google imposed some limitations with the arrival of Android 13. The system now detects whether an app has been installed from an app store or from outside of one. If it has been installed from outside, the option to give it the accessibility permission is blocked. Bypassing this limitation did not seem so difficult: get the malicious APK installed the way an app store would install it.


ThreatFabric researchers discovered a new piece of malware named BugDrop, an app that pretends to be a QR code reader. As soon as it is opened, the app asks for the accessibility permission. But how does it get it? This APK does not act like a normal APK: its code hides a package called com.secpro.androidapkupdater, which manages to fool the system and act as if it were an app store. Within this package, access to the accessibility permission is requested, and it can be obtained without much trouble.

This method is inherited from older malware, which had the ability to install APKs on the device. In Android 13 this is achieved thanks to the string “com.example.android.apis.content.SESSION_API_PACKAGE_INSTALLED”; from this complex name, the only word to keep in mind is “Session”. In Android 13, as we indicated, an app that has been loaded from outside cannot obtain the accessibility permission, but the permission can be obtained by apps installed through a session-based API (since this is the method used by app stores).

In other words? Android 13 does not really distinguish what is an app store and what is not: it simply grants or withholds the ability to access this permission depending on whether the app has been loaded from outside or uses the session-based API (a REST API with token-based authentication).
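Because the restriction keys on how an app was installed rather than on who installed it, a device audit can cross-check each enabled accessibility service against the installer recorded for its package. The script below is an added example, not code from ThreatFabric or from the original article; it assumes text captured from `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services`, and the package names and allowlist in it are constructed.

```python
import re

# Assumption: only Google Play counts as a trusted store; extend per fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Map package -> installer of record from `pm list packages -i` text."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def parse_a11y_services(setting_value):
    """Return the packages that own an enabled accessibility service."""
    value = setting_value.strip()
    if not value or value == "null":  # the setting is unset on a clean device
        return []
    # The value is a colon-separated list of "package/ServiceClass" components.
    return sorted({comp.split("/", 1)[0] for comp in value.split(":") if comp})

def triage(pm_output, setting_value):
    """Classify every accessibility-enabled package by who installed it."""
    installers = parse_installers(pm_output)
    report = {}
    for pkg in parse_a11y_services(setting_value):
        if pkg not in installers:
            report[pkg] = "unknown-package"
        elif installers[pkg] is None:
            report[pkg] = "no-installer-record"  # preloaded or sideloaded
        elif installers[pkg] in TRUSTED_INSTALLERS:
            report[pkg] = "store"
        else:
            # Installed by another app that is not a known store: review it.
            report[pkg] = "installed-by:" + installers[pkg]
    return report

# Constructed sample data (not captured from a real device).
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.qrreader  installer=null
package:com.example.payload  installer=com.example.qrreader
"""
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.payload/.Svc")

if __name__ == "__main__":
    for pkg, verdict in triage(SAMPLE_PM, SAMPLE_A11Y).items():
        print(pkg, verdict)
```

Any `installed-by:` verdict names the app that performed the install, which is the first package to examine on a suspect device.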

This malware is still at an early stage of development, so there are no reports yet of applications infecting devices with it on a global scale. However, it jeopardizes the security of a system that promised to solve the problems of the infamous accessibility permission.
