Security researchers have detected a new android malware called "Defensor ID".
In its analysis ESET observed DEFENSOR ID had succeeded in infiltrating the google playstore, sneaking past mobile security checks by reducing its malicious functionality to a single action: requesting access to a device accessibility services. This previlage enabled the malware to perform 17commands received from the attacker, including launching an app and performing a click action remotely instructed by its handlers.
By controlling a device accessibility services DEFENSOR ID gave attackers the ability to steal access to and subsequently empty a victims cryptocurrency wallet or banking account. This previlage also gave malicious actors the ability to read SMS text messages for the purpose of intercepting a victims Two Step Verification code in the event that they had enabled this security feature on the their account.
Defend against DEFENSOR ID:
Security professionals can help defend their organisations against this malware by creating security policies around the use of the mobile devices. Those policies should limit the marketplaces and developers from which employees can download apps onto their corporate devices. Teams should also consider leveraging tools powered by ARTIFICIAL INTELLIGENCE (AI) to help to detect the latest threat behaviours circulating in the wild.
Post a Comment
0 Comments