DVa: Extracting Victims and Abuse Vectors from Android Accessibility Malware

Haichuan Xu, Mohamed Moustafa Dawoud, Jeman Park, Brendan Saltaformaggio

33rd USENIX Security Symposium · Day 1 · USENIX Security '24

This talk introduces **DVa (Detector of Victim-specific Accessibility Abuse)**, a novel system designed to comprehensively analyze and mitigate Android accessibility malware. Presented by Haichuan Xu (Ken) from Georgia Tech, DVa addresses critical shortcomings in current Android malware detection by providing actionable intelligence on targeted victim applications, specific abuse vectors, and adopted persistence mechanisms. The research highlights the "double-edged sword" nature of Android's Accessibility Service, a powerful utility intended for user assistance but frequently co-opted by attackers for malicious purposes, such as eavesdropping on screens and automating GUI interactions.

AI review

DVa presents a critical, comprehensive system for analyzing Android accessibility malware, moving beyond generic detection to extract specific victim applications, abuse vectors, and persistence mechanisms. Its technically sound approach, leveraging malware's own operational needs, provides actionable intelligence that is invaluable for users, app developers, and OS vendors in fortifying mobile defenses.
