ue 15(4): e1

Research Article

On Malware Leveraging the Android Accessibility Framework

Download938 downloads
  • @ARTICLE{10.4108/ue.1.4.e1,
        author={Joshua Kraunelis and Yinjie Chen and Zhen Ling and Xinwen Fu and Wei Zhao},
        title={On Malware Leveraging the Android Accessibility Framework},
        journal={EAI Endorsed Transactions on Ubiquitous Environments},
        keywords={Android, Malware, Attack},
  • Joshua Kraunelis
    Yinjie Chen
    Zhen Ling
    Xinwen Fu
    Wei Zhao
    Year: 2015
    On Malware Leveraging the Android Accessibility Framework
    DOI: 10.4108/ue.1.4.e1
Joshua Kraunelis1, Yinjie Chen1, Zhen Ling1,*, Xinwen Fu1, Wei Zhao1
  • 1: Computer Science Department, University of Massachusetts Lowell, One University Avenue, Lowell, MA 01854, 2School of Computer Science and Engineering, Southeast University, Nanjing, China,
*Contact email: zhenling@seu.edu.cn


The number of Android malware has been increasing dramatically in recent years. Android malware can violate users’ security, privacy and damage their economic situation. Study of new malware will allow us to better understand the threat and design effective anti-malware strategies. In this paper, we introduce a new type of malware exploiting Android’s accessibility framework and describe a condition which allows malicious payloads to usurp control of the screen, steal user credentials and compromise user privacy and security. We implement a proof of concept malware to demonstrate such vulnerabilities and present experimental findings on the success rates of this attack. We show that 100% of application launches can be detected using this malware, and 100% of the time a malicious Activity can gain control of the screen. Our major contribution is two-fold. First, we are the first to discover the category of new Android malware manipulating Android’s accessibility framework. Second, our study finds new types of attacks and complements the categorization of Android malware by Zhou and Jiang [32]. This prompts the community to re-think categorization of malware for categorizing existing attacks as well as predicting new attacks.