Researchers have come across a piece of malware that threats the accessibility service in Android to steal sensitive data from infected smartphones.
The threat, detected as “AndroRATIntern” and sold commercially as “AndroidAnalyzer,” is a surveillance tool created with the AndroRAT toolkit. As noted it’s the first threat that abuses accessibility features offered by the Android operating system for data theft.
The malware is utilized to target users in Japan. Once it’s deployed on a smartphone, the Trojan is capable of collecting contact data, SMS messages, videos, photos, call logs, GPS location, SD card changes, and messages from LINE, a popular communications app developed by a Japan-based company.
Android malware that steals SMS messages, contact data, and other files is not uncommon. However, stealing messages from LINE is more difficult because the application runs in a sandbox.
AndroRATIntern bypasses this security mechanism by abusing the text-to-speech accessibility feature in Android. This feature is designed to aid visually impaired users, but the malware developers are leveraging it to capture LINE messages when they are opened by the victim.
Experts say AndroRATIntern poses a threat to both individuals and enterprises. However, they have pointed out that the malware can only be installed on Android smartphones by an attacker who has physical access to the targeted device. This makes it a more targeted threat.