There's an adware out there which uses features for the visually impaired to install malicious apps on an Android-powered device. The worst part is that it doesn't use a vulnerability in the system, but instead abuses a service's legitimate features.
Researchers from mobile security provider Lookout have spotted the abusers and published a blog post about it on Thursday morning.
According to the report, the hijacking happens after a user has installed a trojanized app that masquerades as an official app available in Google Play and then is made available in third-party markets.
During the installation, apps from an adware family known as Shedun try to trick people into granting the app control over the Android Accessibility Service, designed to provide vision-impaired users means to interact with their devices.
After that, the app can display pop-up ads that install highly intrusive adware. Even if the user explicitly forbids the ad to install anything, it does so nevertheless.
"Shedun does not exploit a vulnerability in the service, instead it takes advantage of the service’s legitimate features,” Lookout wrote in the blog post. “By gaining the permission to use the accessibility service, Shedun is able to read the text that appears on screen, determine if an application installation prompt is shown, scroll through the permission list, and finally, press the install button without any physical interaction from the user.”
Shedun is one of several families of adware that can't easily be uninstalled. The apps root the device and then embed themselves into the system partition to ensure they persist even after factory reset.