Researchers from Lookout, a San Francisco-based mobile security company that provides security to both private and business mobile devices, have detected malware dubbed “AndroRATIntern” that abuses the accessibility service in Android to steal sensitive data from infected smartphones.
“After discovering this threat, Lookout notified both LINE and Google. None of LINE’s systems were breached. All Lookout users are protected against this threat,” the researchers wrote in the blog.
According to the researchers, AndroRATIntern is surveillanceware developed from the AndroRAT malware toolkit. It is sold commercially as “AndroidAnalyzer”.
“The threat is notably the first piece of malware we’ve ever seen abusing the Android accessibility service to steal data,” the blog read.
According to them, the malware targets the Japanese market. It can collect a broad range of data from infected devices, including messages from LINE, one of the most popular communications apps in Japan, which allows users to make voice and video calls and send messages, as well as contact data, call logs, SMS, audio, video, photos, SD card changes, and GPS location.
The researchers said that AndroRATIntern must be installed locally, which requires a malicious actor to have physical, unmonitored access to the target device. This makes it a much more targeted threat that cannot be spread by drive-by-download campaigns.
Malware that steals SMS messages, contact data, and other files is not uncommon. However, it is difficult to steal messages from LINE as the application runs in a sandbox.
The malware bypasses the security mechanism by abusing the text-to-speech accessibility feature in Android. This feature is designed to aid visually impaired users, but the malware developers are leveraging it to capture LINE messages when they are opened by the victim.
The researchers offered some tips to help people stay safe:
- Keep a passcode on your device. It will be significantly harder for someone to download and install anything to your phone if it’s locked.
- Download security software that can tell you if malicious software is running on your device.