Project Publications
LOCARD related articles have been published in high-rated journals and presented in top conferences. The following list depicts all articles published and presented from the beginning of the project.

Reducing the Forensic Footprint with Android Accessibility Attacks


Android accessibility features include a robust set of toolsallowing developers to create apps for assisting people with disabilities. Unfortunately, this useful set of tools can also be abused and turned into an attack vector, providing malware with the ability to interact and readcontent from third-party apps. In this work, we are the first to study the impact that the stealthy exploitation of Android accessibility services can have on significantly reducing the forensic footprint of malware attacks, thus hindering both liveand post-incident forensic investigations. We show that through Living off the Land (LotL) tactics, or by offering a malware-only substitute for attacks typically requiring more elaborate schemes, accessibility-based malware can be rendered virtually undetectable. In the LotL approach, we demonstrate accessibility-enabled SMS andcommand and control (C2) capabilities. As for the latter, we show acomplete cryptocurrency wallet theft, whereby the accessibility trojancan hijack the entire withdrawal process of a widely used app, including two-factor authentication (2FA). In both cases, we demonstrate how the attacks result in significantly diminished forensic evidence when compared to similar attacks not employing accessibility tools, even to the extent of maintaining device take-over without requiring malware per-sistence.

Authors: Yonas Leguesse; Mark Vella; Christian Colombo; Julio Hernandez-Castro.

Journal: International Workshop on Security and Trust Management.

Date of Publication: 16 September, 2020.


Slide 1
Join the community
Follow us and stay connected and updated.
EU flag Copyright © 2019 - 2022 LOCARD. All rights reserved. This project has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement nº 832735. This project reflects only the author’s view and the Commission is not responsible for any use that may be made of the information it contains.