https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
In this blog we look at how threat actors are bypassing “Restricted Settings”, a security measure Google introduced in Android 13 to help protect against malware. We do so by taking a closer look at SecuriDropper, the first example of a widely distributed dropper bypassing this security measure…
Restricted Settings acts as a gatekeeper, prohibiting sideloaded applications from directly requesting Accessibility settings and Notification Listener access, two features often abused by malware. For sideloaded apps, the entry in the Accessibility menu corresponding to the app will be greyed out and not directly accessible, while the user will receive a Restricted Setting alert…
What makes SecuriDropper stand out is the technical implementation of its installation procedure. Unlike its predecessors, this family uses a different Android API to install the new payload, mimicking the process used by marketplaces to install new applications…
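A defender-side triage sketch for the installation behaviour described above, added here and not taken from the original post: it parses captured output of `pm list packages -i`, `pm list packages -s` and `settings get secure enabled_accessibility_services`, and flags enabled accessibility services whose package was neither preinstalled nor installed by a trusted store. The trusted-installer list, all package names and the sample outputs are constructed, and the sketch assumes a dropper-installed payload records the dropper, not a store, as its installer.

```python
# Added example; package names and sample outputs below are constructed.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: stores trusted on this fleet

def parse_packages(pm_output):
    """Map package -> installer from `pm list packages -i` (or `-s`) output."""
    result = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None  # stays None for "installer=null" or a missing field
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0][len("package:"):]] = installer
    return result

def parse_accessibility(setting_value):
    """Map package -> service classes from the colon-separated 'pkg/class' list."""
    services = {}
    for component in setting_value.strip().split(":"):
        pkg, _, cls = component.partition("/")
        if pkg and pkg != "null":  # the setting reads "null" when nothing is enabled
            services.setdefault(pkg, []).append(cls)
    return services

def flag_untrusted_accessibility(pm_all, pm_system, a11y, trusted=TRUSTED_INSTALLERS):
    """Return (package, installer, services) for enabled accessibility services
    whose package is neither preinstalled nor installed by a trusted store."""
    installers = parse_packages(pm_all)
    preinstalled = set(parse_packages(pm_system))
    findings = []
    for pkg, classes in sorted(parse_accessibility(a11y).items()):
        installer = installers.get(pkg)
        if pkg not in preinstalled and installer not in trusted:
            findings.append((pkg, installer, classes))
    return findings

SAMPLE_PM_ALL = """\
package:com.example.screenreader  installer=null
package:com.example.passwords  installer=com.android.vending
package:com.example.browserupdate  installer=com.example.dropper
"""
SAMPLE_PM_SYSTEM = "package:com.example.screenreader\n"
SAMPLE_A11Y = ("com.example.screenreader/com.example.screenreader.Reader:"
               "com.example.passwords/com.example.passwords.Fill:"
               "com.example.browserupdate/com.example.browserupdate.Svc")

if __name__ == "__main__":
    print(flag_untrusted_accessibility(SAMPLE_PM_ALL, SAMPLE_PM_SYSTEM, SAMPLE_A11Y))
```

A finding is a lead for review rather than a verdict: legitimately sideloaded accessibility tools are flagged too, so the recorded installer is what to examine next.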