BugDrop Android malware developers are attempting to bypass the Restricted setting security feature introduced in Android 13. The new OS was rolled out to Pixel devices initially, and the source code was posted on AOSP. A successful bypass may mean the protection is breached even before it has been properly rolled out to the masses.

But what are Android 13 security restrictions?

With new security restrictions in Android 13, Google aims to stop mobile malware that attempts to enable Android permissions.
  • Accessibility Services is a disability assistance system on Android that lets apps perform swipes and taps; it is widely abused to perform those actions without the user's permission.
  • In this latest Android version, Google introduced a 'Restricted setting' feature, which stops sideloaded applications from requesting Accessibility Service privileges, and limits the function to Play-sourced APKs.

Bypassing Security

Researchers at ThreatFabric claim that malware authors are developing Android malware droppers that can bypass the new security restrictions and even deliver payloads with high privileges.
  • In Xenomorph Android malware campaigns, the researchers spotted the new BugDrop dropper, which is still under development.
  • This novel dropper has code similar to Brox, a freely distributed malware development tutorial project. 
  • However, the dropper comes with a modification in one string of the installer function, which enables it to bypass the latest security restrictions in Android 13.

Evading Restricted settings 

The Smali code of the string in the BugDrop dropper corresponds to the action needed to create an installation process by session.
  • Session-based installation is a multi-staged installation of malware onto an Android device, which operates by splitting the packages into smaller pieces and giving them identical names, versions, and certificates.
  • By doing so, Android won't be able to identify the payload installation as sideloading of an APK, so the Accessibility Service restrictions don't apply.
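
For defenders triaging a decompiled app, the session-based install path described above leaves recognisable references in the Smali code. The following is an added example, not code from ThreatFabric, BugDrop or the original article: a static check that looks for the Android PackageInstaller session calls together with the install permission. The function names (session_install_calls, triage), the flagging heuristic and the sample manifest and Smali are assumptions constructed for illustration.

```python
import re

# Real android.content.pm.PackageInstaller references as they appear in Smali.
SESSION_CALLS = {
    "createSession": r"Landroid/content/pm/PackageInstaller;->createSession\(",
    "openWrite": r"Landroid/content/pm/PackageInstaller\$Session;->openWrite\(",
    "commit": r"Landroid/content/pm/PackageInstaller\$Session;->commit\(",
}
INSTALL_PERMISSION = "android.permission.REQUEST_INSTALL_PACKAGES"

def session_install_calls(smali_text):
    """Return the sorted names of session-install calls present in Smali text."""
    return sorted(n for n, p in SESSION_CALLS.items() if re.search(p, smali_text))

def triage(manifest_xml, smali_files):
    """Flag an unpacked app able to install another APK through a session.

    smali_files maps file path -> Smali text. A flag is a lead for manual
    review only: app stores and self-updaters use the same API legitimately.
    """
    hits = {}
    for path, text in smali_files.items():
        calls = session_install_calls(text)
        if calls:
            hits[path] = calls
    seen = {c for calls in hits.values() for c in calls}
    has_permission = INSTALL_PERMISSION in manifest_xml
    # Heuristic (assumption): the permission plus all three session steps.
    return {"requests_install_permission": has_permission,
            "session_calls": hits,
            "flag": has_permission and seen == set(SESSION_CALLS)}

# Constructed sample input, not taken from any real dropper.
SAMPLE_MANIFEST = ('<manifest><uses-permission android:name='
                   '"android.permission.REQUEST_INSTALL_PACKAGES"/></manifest>')
SAMPLE_SMALI = {
    "smali/com/example/app/Installer.smali": (
        "invoke-virtual {v0, v1}, Landroid/content/pm/PackageInstaller;"
        "->createSession(Landroid/content/pm/PackageInstaller$SessionParams;)I\n"
        "invoke-virtual/range {v2 .. v7}, Landroid/content/pm/PackageInstaller$Session;"
        "->openWrite(Ljava/lang/String;JJ)Ljava/io/OutputStream;\n"
        "invoke-virtual {v2, v3}, Landroid/content/pm/PackageInstaller$Session;"
        "->commit(Landroid/content/IntentSender;)V\n"),
    "smali/com/example/app/Main.smali":
        "invoke-static {}, Ljava/lang/System;->currentTimeMillis()J\n",
}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_SMALI))
```

A flagged app still needs manual review, for example checking whether the package it installs goes on to request Accessibility Service access.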


The recent development is seriously concerning for Android users. BugDrop, which is still in its early stage, could prove to be a hazard if firms do not learn how to tackle such threats. Meanwhile, we are hopeful that Google will do whatever it takes to make the malware ineffective and nullify the threat for its users.
Cyware Publisher