Appdome Releases New Defenses to Combat Accessibility Malware

Groundbreaking protections detect accessibility malware without impacting real mobile end users

Redwood City, Calif. –(September 26, 2023) – Appdome, the one-stop shop for mobile app defense, today announced new mobile anti-malware protections that detect Android Accessibility Service Malware such as Xenomorph, BrasDex, Octo, SharkBot, FluBot, TeaBot, PixPirate, Sova, SpyNote, Joker and more. These malware are used to carry out large scale, distributed attacks on mobile banking apps, crypto wallets, and other financial services apps.

Accessibility Service is the Android framework designed to allow mobile applications for individuals who are disabled to interact with all applications on an Android device. Unfortunately, Accessibility Service is now the target of abuse by fraudsters and others, who use malware to connect through Accessibility Service into banking and other mCommerce applications. Once the Accessibility Malware is on a user’s device, it can listen, collect, intercept and manipulate Android Accessibility Service events to perform harmful actions on behalf of users without their knowledge, often mimicking human actions within the mobile app, such as harvesting login credentials and completing transactions. Two of the most advanced variants focus on Android banking apps – BrasDex in Latin America and Xenomorph in the U.S. and Europe use Automated Transfer Systems (ATS) malware. ATS malware can complete end-to-end transactions – without a user being involved.

“This is a difficult problem to solve,” said Tom Tovar, co-creator and CEO of Appdome. “To support the community, we created a defense that allows legitimate use of Accessibility Service, while at the same time prevents ATS malware from using Accessibility Service for nefarious purposes.”

Appdome’s new Prevent Accessibility Malware feature includes:

  • Detection of ATS Malware using dozens of methods.
  • Detection of ATS Malware methods, such as Overlay and Keylogging in the context of Accessibility Service
  • Set Trusted Accessibility Services, so brands can identify the Accessibility Service applications recommended to their users.
  • To supplement Trusted Accessibility Services, Appdome has included an Accessibility Service Consent that allows mobile end users to accept specific Accessibility Services applications to be used with their applications.

“In this age of digitization, we have to provide safe and secure mobile application experiences for all mobile end users,” said Richard Stiennon, Chief Research Analyst of IT-Harvest. “The Android Accessibility Malware attack vector is one such case that demands an extra layer of defense.”

Appdome’s Cyber Defense Automation platform for mobile apps empowers developers and cyber teams to seamlessly build protections against Accessibility Service Malware directly into any mobile app, all from within the DevOps CI/CD pipeline with no code or coding required.

For more information about Appdome’s Accessibility Malware prevention, visit:

About Appdome
Appdome, the mobile app economy’s one-stop-shop for mobile app defense, is on a mission to protect every mobile app in the world and the people who use mobile apps in their lives and at work. Appdome provides the mobile industry’s only mobile application Cyber Defense Automation platform, powered by a patented artificial-intelligence based coding engine, Threat-Events™ Threat-Aware UX/UI Control and ThreatScope™ Mobile XDR. Using Appdome, mobile brands eliminate complexity, save money and deliver 300+ Certified Secure™ mobile app security, anti-malware, anti-fraud, MobileBOT™ Defense, anti-cheat, MiTM attack prevention, code obfuscation and other protections in Android and iOS apps with ease, all inside the mobile DevOps and CI/CD pipeline. Leading financial, healthcare, mobile games, government and m-commerce brands use Appdome to protect Android and iOS apps, mobile customers and mobile businesses globally. Appdome holds several patents including U.S. Patents 9,934,017 B2, 10,310,870 B2, 10,606,582 B2, 11,243,748 B2 and 11,294,663 B2. Additional patents pending.


Have a question?

ask an expert

GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.

Search Appdome Solutions

Blog Top 3 Ways Screen Overlay Attacks Are Used for Mobile Fraud

How Attackers Use Overlay Attacks to Commit Mobile Fraud

A Screen Overlay Attack (sometimes also called Clickjacking) is an attack method whereby bad actors and fraudsters uses multiple transparent or opaque layers to trick a user into clicking on a button…