June 11, 2024
A 2024 report revealed that the number of Android users attacked by banking malware in 2023 increased by 32% compared to the previous year. While this highlights the increasing importance of everyone involved in the development, distribution, and use of the app to prioritize security, developers play a crucially important role in ensuring that malware cannot successfully attack end-users' devices by setting up the right security controls to defend against targeted malware attacks.
While it is impractical, or even impossible, to predict and protect against all attack techniques malware might employ, our research discovered that most malware strains exploit the same three tactics to execute their attacks. Today, Android developers can seamlessly implement DexGuard’s built-in malware defenses into their application’s code to protect against the most common attack techniques, while ensuring full usability and functionality of the app for all users.
Figure 1. Three of the most common Android malware attack techniques
- Accessibility services abuse: Accessibility services are a set of powerful features that can read text aloud, fill in forms, and click buttons for users with disabilities. Malware can misuse these capabilities to trigger unwanted actions to steal from users.
- Screen capture & recording attack: Malware can maliciously use screenshot and screen recording capabilities in Android devices to spy on users’ login credentials and other sensitive information via a command-and-control server.
- UI Injection attack: Banking malware is frequently capable of displaying a layer on top of a target application to trick users into doing something the attackers want such as making fund transfers or disclosing sensitive information such as their banking credentials.
You can learn more about the malware attack techniques we observed through this blog.
New: DexGuard malware protection
Easy to implement, robust protection
DexGuard malware protection is a standard feature now available to all DexGuard users. Like other code hardening and runtime protection self-protection (RASP) capabilities available within DexGuard, malware protection can be easily activated within the protection configuration file. Once activated, DexGuard protects your app against the malicious use of accessibility services, prevents spying via screen capture or screen recordings, and blocks malicious overlays from being displayed on or interacting with your app or your users. If DexGuard detects a technique used by malware, end-users will be notified through a customizable toast and notification to let them know that the application might currently be operated under unsafe conditions.
Maintain secure use of accessibility services and monitor attacks in real-time
One way to prevent accessibility services abuse is by entirely blocking its use on your app. While this might be a convenient approach, blocking the use of accessibility services will severely impact the user experience of those who rely upon it to engage with and use your app. DexGuard malware protection was developed to protect against accessibility services abuse while maintaining the full functionality and proper usability of the application for all users. Taking it a step further, developers can integrate ThreatCast to continuously monitor all accessibility services abuse attempts, as they occur. A user-friendly dashboard shows more detailed information about each attack, including the end user’s device mode, location, and app version. This information allows you to assess the situation and adjust your security response accordingly.
Figure 2. ThreatCast provides real-time visibility into accessibility services abuse attempts
The importance of protection against static and dynamic attacks
It is important to remember that the most effective defense strategy against mobile application attacks requires a layered approach. In the case of malware, without sufficient protection against tampering and reverse engineering, threat actors can easily study your app, develop highly targeted malware, and even bypass the malware defenses you put in place. Take, for example, what happened to one well-known bank in Southeast Asia that didn’t properly layer their mobile app protection. Attackers could bypass the implemented malware defenses, repackage the app, and redistribute it to perform phishing campaigns on their customers. With DexGuard, your defenses are multi-layered through an extensive set of code hardening and runtime protection features. Additionally, DexGuard’s polymorphic protection approach automatically resets the clock for attackers by ensuring that no protection configuration is the same on each release.
Comprehensive protection against Android malware
Guardsquare is committed to equipping mobile application developers with the tools and resources they need to win the fight against malware. Learn more about malware and how Guardsquare can help protect against malware attacks.
Contact us to learn more about DexGuard malware protection.
