A tool for detecting malware on Android phones
Marie Donlon | October 31, 2024A team of researchers at Georgia Tech has created a tool capable of checking Android devices for malware.
The tool, dubbed Detector of Victim-specific Accessibility, or DVa for short, reportedly runs on the cloud to inspect Android phones for malware, then sends the user a report of its findings, showing which apps are malware and how to delete them. The tool will also reveal to the user which victim apps the malware was targeting and how to contact those companies to check for damages. Additionally, DVa will also send a report to Google so the company can try to eradicate this malware from apps.
"As we continue to design systems that are more and more accessible, we also need security experts in the room. Because if we don't, they're going to get abused by hackers," the researchers explained.
The team added that screen readers, voice-to-text and other accessibility features that enable people with disabilities to use smartphones are particularly prone to hackers. Specifically, malware tends to use these tools to read screens and click on links to, for example, transfer large sums of money from a banking app. They can even prevent malware from being uninstalled, thereby leaving the device vulnerable to hackers to gain access to apps with stored credit cards.
To demonstrate such vulnerabilities, the researchers set up five Google Pixel phones and performed a malware analysis. Working in conjunction with Netskope — a cloud, data, and network security provider — to help protect smartphones from malware, the Georgia Tech team installed some sample malware on each phone to see how it debilitated the system and then used DVa to report this behavior.
Their findings are reported in the article “DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware.”