Exploring Android Accessibility Malware
2024-11-30 , Left Stage

Join us to explore two concerning techniques used by Android malware, focusing on the dangerous combination of credential stuffing attacks and Accessibility Service abuse. We'll demonstrate how cybercriminals can exploit these vulnerabilities to launch large-scale attacks on user accounts across multiple applications.

Our talk will walk you through:

  1. The mechanics of credential stuffing and how it exploits common user behaviors.
  2. How malware can abuse Android's Accessibility Service to automate malicious actions.
  3. A step-by-step demonstration of a proof-of-concept that combines these techniques.
  4. Clever methods cybercriminals use to conceal their activities from users.
  5. The broader implications of these threats for mobile app security.

We'll delve into why these attacks are increasingly prevalent and how they can be executed with alarming ease. By understanding the attacker's perspective, we aim to highlight the critical need for robust security measures in mobile applications.
However, implementing such security measures can be challenging for developers, often requiring significant time, expertise, and resources. This is where innovative solutions become crucial. Recognizing this gap in mobile app security, Appdome provides comprehensive protection against these threats through zero-code integration, allowing developers to secure their mobile apps effortlessly.

Software Engineer at Appdome for the past 2 years, developing Anti-Fraud and Geo-Compliance solutions for mobile security