Search This Blog

New DawDropper Malware Targeting Android Devices via Play Store

The software offered for sale as DaaS (dropper-as-a-service) by some threat actors on the malicious web.
Trend Micro security team has discovered a brand new phishing campaign that is distributing banking trojans on the Google Play Store. This malicious software is called DawDropper. These “Droppers” impersonate trusted apps to gain access to victims’ mobile devices and make it very legit to detect threat actors and are highly effective for malware distribution. 

Additionally, Trend Micro security researchers reported that over a dozen fake and malicious Android dropper apps are present on the Google Play store containing banking malware. 

The software (DawDropper) is very famous and, it is also offered for sale as DaaS (dropper-as-a-service) by some threat actors on the malicious web. Additionally, it used a third-party cloud service Firebase Realtime Database to evade detection and obtain a payload download address. It also hosts payloads on GitHub. 

This malicious campaign aims to gain access to users’ banking data to steal money from their banking apps including PIN codes, passwords, banking credentials, etc. Hackers can intercept text and gain complete command over affected devices through malware. 

“We found a malicious campaign that uses a new dropper variant that we have dubbed as DawDropper. Under the guise of several Android apps such as Just In Video Motion, Document Scanner Pro, Conquer Darkness, simpli Cleaner, and Unicc QR Scanner,” Trend Micro security team reported. 

The following are the names of the malicious dropper apps discovered on the Google Play Store: • Fix Cleaner, Crypto Utils, Rooster VPN, Lucky Cleaner, Extra Cleaner, Simple Cleaner, Conquer Darkness, Call Recorder APK, Unicc QR Scanner, Eagle photo editor, Call recorder pro+, Universal Saver Pro, Just In: Video Motion, Document Scanner – PDF Creator, Super Cleaner- hyper & smart. 

These apps are masqueraded as utility and productivity apps, including VPN services, QR code readers, call recorders, and document scanners. With the pretense of general utility apps, dropper apps bypass Play Store security checks. Besides DawDropper, these apps are used to download more capable and intrusive malware on a device, such as Octo (Coper), Hydra, Ermac, and TeaBot. 

Trend Micro’s blog post listed some points to help from infecting mobile devices: 

• Don’t download an app to your device without checking the user reviews in the app store. 
• Before downloading the app first research the developers and publishers of the app. 
• And, Avoid downloading apps from unknown sources.
Share it:

Data Stolen

DawDropper

Increasing data Threats

malware