Downloading content online is never a totally safe procedure. Even if your device runs powerful security software, dangerous apps will always exist. One recent example is an evil app found in the Google Play Store. It has the power to wipe out both bank accounts and cryptocurrency wallets.
Security experts from ESET discovered the dangerous app, and Google shouldn’t be blamed for this. The evil piece of software managed to sneak into the Play Store using stealthy methods.
DEFENSOR ID is its name
DEFENSOR ID is its name, and terrorizing the users is its game. The one malicious function that remained in the app was its abuse of the Accessibility Service. ESET malware researcher Lukas Stefanko said:
Accessibility Service is long known to be the Achilles’ heel of the Android operating system.
Security solutions can detect it in countless combinations with other suspicious permissions and functions, or malicious functionalities – but when faced with no additional functionality nor permission, all failed to trigger any alarm on DEFENSOR ID.
Furthermore, the guy added:
By ‘all’ we mean all security mechanisms guarding the official Android app store (including the detection engines of the members of the App Defense Alliance) and all security vendors participating in the VirusTotal programme.
How DEFENSOR ID does its dirty job
ESET’s research reveals that once the app is installed on an Android device, it asks for various permissions when it starts up. One of them is to “activate accessibility services”; once that is granted, the app is capable of reading any text displayed within any app on the device. Furthermore, DEFENSOR ID will send that text to attackers.
Luckily for us, Google took down the evil app from its Play Store last month, so we don’t have to worry about it anymore. However, we must delete the app ASAP if we have it installed on our devices.
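Since everything described above depends on an accessibility service being switched on, one way to check a device is to list the enabled services and flag any package you do not recognise. This is an added example, not code from ESET or the original article; the allowlist and the sample package name are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: list enabled accessibility services whose package is not
# on a local allowlist.

# Packages expected to hold the accessibility privilege (space-separated).
# Assumption: adjust for your own devices; TalkBack is Google's screen reader.
ALLOWLIST="com.google.android.marvin.talkback"

# unexpected_a11y_packages "<raw setting value>"
# Prints one package name per line for every enabled service that is not
# allowlisted. Android stores the setting as a colon-separated list of
# package/class component names.
unexpected_a11y_packages() {
    raw=$1
    # "null" or an empty value means no accessibility service is enabled.
    case "$raw" in ''|null) return 0 ;; esac
    printf '%s\n' "$raw" | tr ':' '\n' | while IFS= read -r component; do
        [ -n "$component" ] || continue
        pkg=${component%%/*}    # keep only the part before the slash
        allowed=no
        for ok in $ALLOWLIST; do
            if [ "$pkg" = "$ok" ]; then allowed=yes; fi
        done
        [ "$allowed" = yes ] || printf '%s\n' "$pkg"
    done | sort -u
}

# Constructed sample value; com.example.placeholder.app is a made-up name,
# not the package name of any real app.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.placeholder.app/.ReaderService"

unexpected_a11y_packages "$SAMPLE"

# Live use (needs adb and a connected device with USB debugging enabled):
#   unexpected_a11y_packages "$(adb shell settings get secure \
#       enabled_accessibility_services | tr -d '\r')"
```

Any package this prints deserves a look in Settings, and should be uninstalled if you cannot account for why it needs to read the screen.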