- Malware can abuse Android’s accessibility functions to capture user data.
- Researchers developed DVa, an app to detect malware leveraging accessibility.
- Google is alerted about detected malicious apps to address the issue.
Over the past few months, cybercriminals have identified a new target: Android's accessibility features.
Researchers discovered that malware is using these tools to gain access to user data such as banking information, personal passwords, and more.
Malware can capture on-screen information and keystrokes by manipulating these accessibility functions, which were originally intended to improve the experience for users with disabilities.
Experts at the Georgia Institute of Technology have devised a solution to combat this new threat. Their app, Detector of Victim-specific Accessibility (also known as DVa), detects malware using accessibility features.
The rise of complex cyberattacks on smartphones is unsurprising, to say the least.
Despite improvements to Android's built-in security, such as machine learning-powered malware detection, there are always vulnerabilities for hackers to exploit.
As Android's accessibility tools become more robust, they create more opportunities for malicious software to thrive.
Malware such as Vultur is an example of how cybercriminals exploit accessibility features.
Tess Malone, a senior researcher at Georgia Tech, noted that “screen readers, voice-to-text, and other accessibility features have enabled people with disabilities to use smartphones.”
These features also make the phones more vulnerable to hackers. Malware can read screen content or simulate keystrokes, which can have disastrous consequences, such as transferring money from a banking app or preventing the malware from being removed.
Google's Play Store policies are intended to keep malicious apps from making it onto users' devices.
Unfortunately, hackers have found ways to bypass these safeguards. Many of these apps appear in the Play Store as harmless tools, only to later update with malicious code from external servers.
By the time the malware is discovered, it is frequently too late, and countless users have already been victimized.
Georgia Tech's DVa app uses a cloud service to simulate actions that would cause malicious behavior in apps.
When DVa detects a threat, it sends a report to Google, which assists the company in dealing with the issue.
However, this promising tool is currently unavailable to the public. It remains an academic project, but technical experts can access the code and resources on GitHub.
While DVa's current capabilities are impressive, there is one remaining challenge: removing malware without disabling accessibility features that many users rely on.
Haichuan Xu, a Ph.D. student, says, “We need to figure out what's fundamentally different between a benign use and a malicious use.”
This balancing act between accessibility and security remains a critical issue as cybercriminals continue to improve their game.