Mobile Security Specialist
10y xp in IT area
Appsec & Mobsec
OWASP Mobile Security member
Focused on Android devices
Drums, chess, dogs, books, movies...
Slide 3
Malware is a term used for any type of malicious software designed to harm or
exploit any programmable device, service or network.
Slide 8
It runs a safety check on apps from the Google Play Store before you
download them.
It warns you about potentially harmful apps.
It may deactivate or remove harmful apps from your device.
It warns you about detected apps that violate Software Policy by hiding or
misrepresenting important information.
It sends privacy alerts about apps that can get user permissions to access
your personal information, violating our Developer Policy.
Slide 9
Limiting and checking App permissions;
Google Play Protect;
RASP (Runtime Application Self-Protection);
Code Obfuscation;
In House Solutions.
Set an action to take if malware is detected, e.g. close the app
automatically.
Slide 10
Runtime permissions give additional access to restricted data or let your app perform
restricted actions that affect the system and other apps. So you need to request runtime
permissions before accessing the restricted data or performing restricted actions.
Slide 14
The Accessibility system was developed for users with disabilities. Using it, you can
create an app that reads captions on all interface elements and enables you to
activate these elements with your voice. This became possible because Accessibility
grants you full access to the app interface in the form of a tree of elements: you can
navigate through it and perform certain operations with its elements.
Slide 15
By exploiting accessibility services, the Trojan can access the UI of any other
app installed on the phone and steal data from it, including text.
Most banking apps don't allow the user to take screenshots while they're in use, but
some malware, like Svpeng, gets around this by using accessibility services to create
overlays and perform actions in the background.
Slide 16
Adding accessibility service to AndroidManifest.xml
Slide 17
Add the receiver to the AndroidManifest.xml
Slide 18
With this simple keylogger added, all information entered by the user in any input
field of any app is displayed in the console.
Slide 19
In 2019, a vulnerability affecting the Android system emerged that used the
SYSTEM_ALERT_WINDOW permission, intended for pop-ups, to overlay the screen with
a window on top of other apps.
Slide 21
The focus of malware is precisely to trick users into thinking
that the program is useful or beneficial to them in some way. In
reality, the program performs actions that harm the user, or uses
the application to harm other applications or services. In this case,
it uses accessibility permissions to overlay the main screen and
change the data underneath that screen.
Slide 22
Disable Google Play Protect
Enable downloads from unofficial external sources
Uses the main app to download the device manager
Disable the uninstall button
Dangerous and SignatureOrSystem permissions
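A static check for several of the manifest-level traits this deck covers (an accessibility service, the SYSTEM_ALERT_WINDOW overlay permission, a device-admin receiver, installs from external sources), run against a decoded AndroidManifest.xml. This is an added example, not part of the original slides; the selection of flagged permissions, the function names and the sample manifest are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Selection of traits is this example's assumption, based on the deck's topics.
RISKY_USES = {  # requested via <uses-permission>
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw windows over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can request installs from outside the store",
}
RISKY_BINDINGS = {  # permission guarding a declared <service> or <receiver>
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "is an accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "is a device-admin receiver",
}

def triage_manifest(xml_text):
    """Return sorted (permission, detail) findings for a decoded manifest."""
    root = ET.fromstring(xml_text)
    findings = set()
    for el in root.iter("uses-permission"):
        name = el.get(NS + "name")
        if name in RISKY_USES:
            findings.add((name, RISKY_USES[name]))
    for tag in ("service", "receiver"):
        for el in root.iter(tag):
            perm = el.get(NS + "permission")
            if perm in RISKY_BINDINGS:
                component = el.get(NS + "name", "?")
                findings.add((perm, f"{component} {RISKY_BINDINGS[perm]}"))
    return sorted(findings)

def overlay_plus_accessibility(findings):
    """True when both overlay and accessibility access are present."""
    perms = {perm for perm, _ in findings}
    return {"android.permission.SYSTEM_ALERT_WINDOW",
            "android.permission.BIND_ACCESSIBILITY_SERVICE"} <= perms

# Constructed sample manifest (hypothetical app, not a real sample).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm, detail in triage_manifest(SAMPLE):
        print(f"{perm}: {detail}")
```

The manifest inside an APK is binary XML and has to be decoded first (for example with apktool); for untrusted input, a hardened parser such as defusedxml is preferable to the standard library.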
Slide 23
Slow performance;
Random reboots;
Unusual data usage;
Battery draining faster than usual;
Unfamiliar apps installed;
Overheating;
Taking a long time to shut down;
Signs of activity in standby mode;
Weird sounds during phone calls;
Weird text messages.
Slide 24
Thomas, Tony; Surendran, Roopak; John, Teenu S.; Alazab, Mamoun.
Intelligent Mobile Malware Detection (Security, Privacy, and Trust in
Mobile Communications). CRC Press. Kindle Edition.