Researchers develop new tool for spotting Android malware

Security researchers have devised a new tool to help Android users spot and remove malware from their devices.

Detector of Victim-specific Accessibility (DVa) was built by cybersecurity experts at Georgia Tech, and runs on the cloud, checks the phone for malware that abuses accessibility permissions, and then reports back to the user.

If the tool finds any positives, the user can then uninstall the app or otherwise clean up their device.

GPUs making attacks potent

"As we continue to design systems that are more and more accessible, we also need security experts in the room," said Brendan Saltaformaggio, an associate professor in the School of Cybersecurity and Privacy (SCP) and the School of Electrical and Computer Engineering. "Because if we don't, they're going to get abused by hackers."

Besides reporting back to the user, DVa also sends a report directly to Google. While certainly commendable, it is also worth mentioning that Google is doing a solid job keeping its app repository clean, as it is. The majority of Android-based malware is usually downloaded from third-party app stores, shady websites, or through social media advertising.

Most of the time, Android malware can be identified by the permissions it asks for. Usually, this type of malware will ask for Accessibility permissions, which are primarily built to simplify use for people with different disabilities. Accessibility permissions are designed for apps that can read the contents on the screen, turn it to audio, and similar.

However, malicious apps with the same permissions can tap on things, which can lead to data loss and even wire fraud.

“The Android accessibility service is widely abused by malware to conduct on-device monetization fraud,” the researchers explained in the whitepaper. “Existing mitigation techniques focus on malware detection but overlook providing users evidence of abuses that have already occurred and notifying victims to facilitate defenses. We developed DVa, a malware analysis pipeline based on dynamic victim-guided execution and abuse-vector-guided symbolic analysis, to help investigators uncover malware’s targeted victims, victim-specific abuse vectors, and persistence mechanisms.”

After deploying DVa on Android devices infected with almost 10,000 malware, the researchers uncovered 215 unique victim vectors and an average of 13.9 abuse routines. The full research can be found here .

More from TechRadar Pro

• Dangerous new Android malware infects 11 million devices — here's what we know
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now