DET0606 Detection of Virtualization Solution

Technique Detected: T1670 (Virtualization Solution)

Analytics

Android

AN1656

The user can view a list of device administrators and applications that have registered Accessibility services in device settings. Applications that register an Accessibility service or request device administrator permissions should be scrutinized further for malicious behavior. Application vetting services can look for applications that request permissions to Accessibility services or application overlay. Monitor for API calls that are related to GooglePlayServices.

Log Sources

Mutable Elements