BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//papers.synesthesia.it//KKP3BV BEGIN:VTIMEZONE TZID:CET BEGIN:STANDARD DTSTART:20001029T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-droidcon-2024-KKP3BV@papers.synesthesia.it DTSTART;TZID=CET:20241130T121000 DTEND;TZID=CET:20241130T125000 DESCRIPTION:Join us to explore two concerning techniques used by Android ma lware\, focusing on the dangerous combination of credential stuffing attac ks and Accessibility Service abuse. We'll demonstrate how cybercriminals c an exploit these vulnerabilities to launch large-scale attacks on user acc ounts across multiple applications.\n\nOur talk will walk you through:\n\n 1. The mechanics of credential stuffing and how it exploits common user be haviors.\n2. How malware can abuse Android's Accessibility Service to auto mate malicious actions.\n3. A step-by-step demonstration of a proof-of-con cept that combines these techniques.\n4. Clever methods cybercriminals use to conceal their activities from users.\n5. The broader implications of t hese threats for mobile app security.\n\nWe'll delve into why these attack s are increasingly prevalent and how they can be executed with alarming ea se. By understanding the attacker's perspective\, we aim to highlight the critical need for robust security measures in mobile applications.\nHoweve r\, implementing such security measures can be challenging for developers\ , often requiring significant time\, expertise\, and resources. This is wh ere innovative solutions become crucial. Recognizing this gap in mobile ap p security\, Appdome provides comprehensive protection against these threa ts through zero-code integration\, allowing developers to secure their mob ile apps effortlessly. DTSTAMP:20241129T115512Z LOCATION:Left Stage SUMMARY:Exploring Android Accessibility Malware - Kostya Kishnevsky URL:https://papers.synesthesia.it/droidcon-2024/talk/KKP3BV/ END:VEVENT END:VCALENDAR