Mobile Security Engineer with 12+ years of hands-on experience, now leading Appdome Engineering into improving our unified mobile app defense platform
Gil Hartman
Exploring Android Accessibility Malware
Join us in exploring two techniques Android malware uses, focusing on the dangerous combination of credential stuffing attacks and Accessibility Service abuse. We'll demonstrate how cybercriminals can exploit these vulnerabilities to launch large-scale attacks on user accounts across multiple applications.
Our talk will walk you through:
1. The mechanics of credential stuffing and how it exploits common user behaviors.
2. How malware can abuse Android's Accessibility Service to automate malicious actions.
3. A step-by-step demonstration of a proof-of-concept that combines these techniques.
4. Clever methods cybercriminals use to conceal their activities from users.
5. The broader implications of these threats for mobile app security.
1 of 3
We'll dive into why these attacks are increasingly prevalent and how they can be executed with alarming ease. By understanding the attacker's perspective, we aim to highlight the critical need for robust security measures in mobile applications. However, implementing such security measures can be challenging for developers, often requiring significant time, expertise, and resources. This is where innovative solutions become crucial. Recognizing this gap in mobile app security, Appdome provides comprehensive protection against these threats through zero-code integration, allowing developers to secure their mobile apps effortlessly.