New DawDropper Malware Targeting Android Devices via Play Store

The Trend Micro security team has discovered a brand new phishing campaign that is distributing banking trojans on the Google Play Store. The malicious software is called DawDropper. These "droppers" impersonate trusted apps to gain access to victims' mobile devices, which makes the threat actors hard to detect and makes the apps highly effective for malware distribution.

Additionally, Trend Micro security researchers reported that over a dozen fake and malicious Android dropper apps are present on the Google Play store containing banking malware. 

DawDropper is well known, and some threat actors also offer it for sale as DaaS (dropper-as-a-service) on the malicious web. It uses a third-party cloud service, Firebase Realtime Database, to evade detection and obtain a payload download address. It also hosts payloads on GitHub.

This malicious campaign aims to gain access to users' banking data, including PIN codes, passwords, and banking credentials, in order to steal money through their banking apps. Through the malware, attackers can intercept text messages and gain complete command over affected devices.

“We found a malicious campaign that uses a new dropper variant that we have dubbed as DawDropper. Under the guise of several Android apps such as Just In Video Motion, Document Scanner Pro, Conquer Darkness, simpli Cleaner, and Unicc QR Scanner,” Trend Micro security team reported. 

The following are the names of the malicious dropper apps discovered on the Google Play Store: Fix Cleaner, Crypto Utils, Rooster VPN, Lucky Cleaner, Extra Cleaner, Simple Cleaner, Conquer Darkness, Call Recorder APK, Unicc QR Scanner, Eagle photo editor, Call recorder pro+, Universal Saver Pro, Just In: Video Motion, Document Scanner – PDF Creator, Super Cleaner- hyper & smart.

These apps masquerade as utility and productivity apps, including VPN services, QR code readers, call recorders, and document scanners. By posing as general utility apps, the droppers bypass Play Store security checks. Besides DawDropper, these apps are used to download more capable and intrusive malware onto a device, such as Octo (Coper), Hydra, Ermac, and TeaBot.

Trend Micro's blog post listed some points to help keep mobile devices from being infected:

• Don't download an app to your device without checking the user reviews in the app store.
• Before downloading an app, first research its developers and publishers.
• Avoid downloading apps from unknown sources.

Biden Prolongs National Emergency Amid Increasing Cyber Threats

 

Against the backdrop of the Russia-Ukraine conflict, the increasing risk of cybersecurity threats against U.S. national security, economy, and foreign policy has prompted President Joe Biden to extend the state of national emergency, which was originally declared by former President Barack Obama in April 2015.

The national emergency period was extended after the Cybersecurity and Infrastructure Security Agency (CISA) published a warning regarding possible Russian state-sponsored cyberattacks against U.S. organizations following the invasion of Ukraine.

The war between Russia and Ukraine will be the main topic at Thursday's NATO meeting, at which Biden's administration will rally western allies and announce a new round of financial sanctions against the Russian government. Biden is expected to announce sanctions on hundreds of Russians serving in the country's lower legislative body. It is being observed that further sanctions will increase cybersecurity threats against the U.S. government.

Last month, U.S. organizations were alerted by the CISA and the FBI regarding the potential spillover of data wiping attacks against Ukraine.

"Significant malicious cyber-enabled activities originating from or directed by persons located, in whole or in substantial part, outside the United States continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. Therefore, I have determined that it is necessary to continue the national emergency declared in Executive Order 13694 with respect to significant malicious cyber-enabled activities," said Biden. 

On Tuesday, Biden's national security adviser Jake Sullivan said that the administration believes that right now "they have effective posture today for what's necessary today," but he further said that Biden and NATO allies will discuss "longer-term adjustments to NATO force posture on the eastern flank."