Cybercriminals introduced malicious code into 17 applications on the Play Store, Google's app store, a fact that puts users on alert.
These infected applications could be installed and, in turn, integrate a system called ‘DawDropper’, which remotely downloads the malicious code of banking Trojans onto users’ devices. These viruses were aimed at stealing information related to the victims’ bank accounts.
According to a report by Trend Micro Incorporated, the security company that reported this situation, at the end of 2021 a malicious campaign was found that used DawDropper to bypass Play Store security and infect various Android apps such as Just In: Video Motion, Document Scanner Pro, Conquer Darkness, Simpli Cleaner, and Unicc QR Scanner, among others. The procedure relied on a third-party cloud service to circumvent detection and obtain a payload download address.
The information revealed by the report, titled “Examining the new DawDropper Banking Dropper and DaaS in the Dark Web”, made it possible to identify the set of compromised applications, which are no longer available in the Google Play Store.
Although the intention of the banking dropper method is to distribute and install viruses on the devices of its victims, there are many ways to achieve its goal.
According to the security firm’s observation, DawDropper has variants that produce four types of banking Trojans: Octo, Hydra, Ermac, and TeaBot. These use a database owned by Google, so they avoid being detected.
The virus was also programmed to disable Google Play Protect, which is responsible for scanning the applications on a device and verifying that they do not contain malicious data, and to collect user data, such as the Android ID of infected smartphones, the contact list, installed applications and even text messages.
How to avoid being a victim of cybercriminals
Cybercriminals are constantly finding ways to evade detection and infect as many devices as possible. Over the last half year, we have seen how banking Trojans have evolved to avoid detection and hide malicious payloads in droppers.
As more banking Trojans become available, malicious actors will have an easier way to distribute malware disguised as legitimate applications.
As this trend will continue and more banking Trojans will be distributed in the future, users need to take into account these recommendations and security practices in order not to fall victim to criminals.
- Always review app ratings to see if other users are expressing unusual concerns or negative experiences.
- It is important to verify information from app developers and publishers.
- Downloading apps from suspicious websites is dangerous.
- Avoid installing apps from unknown sources.
In addition to those already mentioned, users can use other solutions that scan mobile devices in real time and, if they detect other malicious or malware-laden applications, block or remove them from the store.