Research Article
On Malware Leveraging the Android Accessibility Framework
@INPROCEEDINGS{10.1007/978-3-319-11569-6_40, author={Joshua Kraunelis and Yinjie Chen and Zhen Ling and Xinwen Fu and Wei Zhao}, title={On Malware Leveraging the Android Accessibility Framework}, proceedings={Mobile and Ubiquitous Systems: Computing, Networking, and Services. 10th International Conference, MOBIQUITOUS 2013, Tokyo, Japan, December 2-4, 2013, Revised Selected Papers}, proceedings_a={MOBIQUITOUS}, year={2014}, month={12}, keywords={Android Malware Attack}, doi={10.1007/978-3-319-11569-6_40} }- Joshua Kraunelis
Yinjie Chen
Zhen Ling
Xinwen Fu
Wei Zhao
Year: 2014
On Malware Leveraging the Android Accessibility Framework
MOBIQUITOUS
Springer
DOI: 10.1007/978-3-319-11569-6_40
Abstract
The number of Android malware has been increasing dramatically in recent years. Android malware can violate users’ security, privacy and damage their economic situation. Study of new malware will allow us to better understand the threat and design effective anti-malware strategies. In this paper, we introduce a new type of malware exploiting Android’s accessibility framework and describe a condition which allows malicious payloads to usurp control of the screen, steal user credentials and compromise user privacy and security. We implement a proof of concept malware to demonstrate such vulnerabilities and present experimental findings on the success rates of this attack. We show that 100 % of application launches can be detected using this malware, and 100 % of the time a malicious Activity can gain control of the screen. Our major contribution is two-fold. First, we are the first to discover the category of new Android malware manipulating Android’s accessibility framework. Second, our study finds new types of attacks and complements the categorization of Android malware by Zhou and Jiang [21]. This prompts the community to re-think categorization of malware for categorizing existing attacks as well as predicting new attacks.