Android 13 is only available for a few days and only on Google Pixel smartphone. Still, malware has already managed to circumvent the security measures of the new version of the operating system.
Android 13 has introduced some new features designed to increase user security. Applications installed via the side drawers – ie not from the Play Store, but from third-party channels such as the browser or data transfer via USB-C – they do not have access by default accessibility services from android.
This is because accessibility services can be misused by hackers to steal important user information, including bank account credentials. This small obstacle is designed to complicate the life of cyber criminals. But practically nothing helped. A group of cyber criminals known as ‘Hadoken“(yes) he has already claimed that he has managed to circumvent the security measure.
BugDrop, a malware already analyzed by ThreatFabric researchers, is in fact perfectly capable of taking over accessibility services by taking advantage of a feature that allows some applications, such as the Amazon App Store, to install applications on the user’s phone. BugDrop has already been successfully hidden in a malicious application that camouflages itself under the guise of a QR code reader.
The good news is that BugDrop is still under development and does not appear to be fully functional. But for how long? According to the specialized site Phone Arena, that could change soon.
Source: Lega Nerd
