DET0697 Detection of Abuse Accessibility Features

Technique Detected: T1453 (Abuse Accessibility Features)

Analytics

Android

AN1812

Application vetting services can look for applications requesting the permissions granting access to accessibility services or application overlay. The user can view a list of device administrators and applications that have registered Accessibility services in device settings. Applications that register an Accessibility service should be scrutinized further for malicious behavior.

Log Sources

Mutable Elements