Cybercriminals introduced malicious code in 17 applications of Play Storethe store of Googlea fact that puts users on alert.
These infected applications could be installed and, in turn, integrate a system called ‘daw dropper’, which consists of the remote download of malicious code of banking Trojans on users’ devices. These viruses were aimed steal information related to the bank accounts of the victims.
According to a report by Trend Micro Incorporated, a security company that alerted this situation, at the end of 2021a malicious campaign was found that claimed to use the DawDropper to bypass Play Store security and infect various apps from Android.
Platforms identified and to be removed are Just In: Video Motion, Document Scanner Pro, Conquer Darkness, Simpli Cleaner, Unicc QR Scanner, Call Recorder, Call Recorder pro +, Rooster VPN, Super Cleaner, Universal Saver Pro, Eagle photo edit , Extra Cleaner, Crypto Utils, Fix Cleaner, Lucky Cleaner,
The procedure was done through a third-party cloud service to circumvent the detection and get a payload download address.
The information revealed by the report, titled “Examining the new DawDropper Banking Dropper and DaaS in the Dark Web”, allowed to identify the set of compromised applications and are currently no longer available in the Play Store of Google.
Although the intention of the banking dropper method is to distribute and install viruses on the devices of its victims, there are many ways to achieve its goal.
According to the security firm’s observation, DawDropper has variants that produce four types of banking Trojans: Octo, Hydra, Ermac, and TeaBot. These use a database owned by Google, so they avoid being detected.
As additional programming, the virus had the ability to disable the Google Play Protectwhich is responsible for scanning the applications of a device and verifying that they do not contain malicious data, in addition to collecting user data, such as the identification of Android of infected smartphones, contact list, installed applications and even text messages.
How to avoid being a victim of cybercriminals
Cybercriminals are constantly finding ways to evade detection and infect as many devices as possible. Over the last half year, we have seen how banking Trojans have evolved to avoid detection, and hide malicious payloads in droplets.
As there are more banking trojans available, malicious actors will have an easier way to distribute malware disguised as Applications legitimate.
As this trend will continue and more banking Trojans will be distributed in the future, it is necessary for users to take into account these recommendations and security practices in order to fall victim to criminals.
In addition to those already mentioned, users can use other solutions that allow scanning the mobile devices in real time and, if it detects other malicious or malware-laden applications, block or remove them from the store.
:
