Zen: a Complex Campaign of Harmful Android Apps
2023-04-24 | 15:10 – 15:50
Android malware authors go to great lengths to come up with increasingly clever ways to monetise their apps. The author (or group) presented in my talk shows quite a range, from simply repacking apps with a bespoke advertising SDK to writing a sophisticated rooting trojan with new techniques never seen in other harmful apps. Their most complex creation is called “Zen”. Zen bundles exploits to gain privileged root access. It then uses this access to create fake Google accounts on devices. These accounts are created by abusing the accessibility service, with additional help from code injection.