According to Trend Micro, a multinational cybersecurity company, a cybercriminal campaign used Google Play Store apps to steal user data by installing banking malware on Android devices. Cybercrime is increasingly prevalent, and vigilance must be continuous. Read on to see which apps were caught delivering banking malware on Android.
Understand the situation
The apps the criminals use are known as Android droppers, a subtype of malware whose purpose is to allow another malicious file to run. In this case, seventeen apps share a dropper, DawDropper, and present themselves as productivity tools and utilities, such as a QR code reader and document scanner. The term used (dropper) refers specifically to the slow and accurate transfer of users’ personal data.
Trend Micro states that DawDropper uses an online database called Firebase Realtime Database, a cloud storage service, to avoid detection by security tools and dynamically obtain an address to download the payload.
In other words, the criminals operate through cloud storage, which gives them enough space to host the files to be downloaded. The company says the malicious payloads are also uploaded to GitHub.
How do attacks work?
Droppers are apps built to pass the Google Play Store's security checks. Once installed, however, they are used to download invasive malware onto the device, such as Octo (Coper), Hydra, Ermac and TeaBot. It all starts with the user downloading the app: once it is installed, the attack sequence begins, as the DawDropper apps connect to cloud databases to receive the link to the malicious content and install it on the device.
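The sequence described above (a lookup against a Firebase Realtime Database, followed by a payload download from GitHub) can be hunted for in per-app network logs. The following is an added example, not code from Trend Micro or the original article; the log format, the package names, the sample hosts and the 10-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Hostname suffixes used by Firebase Realtime Database instances.
FIREBASE_RTDB = re.compile(r"\.(firebaseio\.com|firebasedatabase\.app)$")
# GitHub hosts that serve repository and release files.
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com", "objects.githubusercontent.com"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed log (timestamp, app package, host, path). Not real traffic.
SAMPLE_LOG = """\
2022-07-01T10:00:05 com.example.qrscan demo-1234.firebaseio.com /config.json
2022-07-01T10:00:09 com.example.qrscan github.com /example-user/repo/raw/main/update.apk
2022-07-01T10:02:00 com.example.notes notes-app.firebaseio.com /items.json
2022-07-01T10:03:00 com.example.notes github.com /example-user/notes/blob/main/README.md
2022-07-01T11:00:00 com.example.chat chat-prod.firebasedatabase.app /rooms.json
2022-07-01T12:30:00 com.example.chat raw.githubusercontent.com /example-user/x/main/a.apk
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, app, host, path = parts
        yield datetime.fromisoformat(ts), app, host.lower(), path

def find_dropper_pattern(log, window=WINDOW):
    """Return apps that read Firebase RTDB, then fetch an APK from GitHub within `window`."""
    last_firebase = {}  # app -> time of its most recent Firebase RTDB request
    flagged = []
    for ts, app, host, path in sorted(parse(log)):
        if FIREBASE_RTDB.search(host):
            last_firebase[app] = ts
        elif host in GITHUB_HOSTS and path.lower().split("?")[0].endswith(".apk"):
            seen = last_firebase.get(app)
            if seen is not None and ts - seen <= window:
                flagged.append((app, host, path))
    return flagged

if __name__ == "__main__":
    for app, host, path in find_dropper_pattern(SAMPLE_LOG):
        print(f"review {app}: APK fetched from {host}{path} after Firebase lookup")
```

Many legitimate apps use Firebase, so a match is a lead for review, not a verdict; the signal is the APK download that follows the lookup.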
All the apps involved in the scam have been removed from the Play Store. But check out the list and see if you’ve downloaded any in the past few months:
- Call recorder apk;
- VPN Rooster app;
- Super Cleaner – hyper and smart;
- Document Scanner – PDF Creator;
- Universal Saver Pro;
- Eagle photo editor;
- Call recorder pro +;
- Extra Cleaner;
- Encryption Utilities;
- Fix Cleaner;
- Only in: motion video;
- Fortune cleaner;
- Simple Cleaner;
- Unicc QR reader;
- com.myunique.sequencestore;
- com.flowmysequto.yamer;
- com.gaz.universaver.com.
Octo malware, for example, disables Google Play Protect and uses remote computing to record the victim's screen and device activity, including confidential banking information, email and app passwords, which are sent to a remote server.
According to Trend Micro, cybercriminals are becoming more and more specialized, seeking to manipulate the stores' security mechanisms and illegally capture data from as many users as possible. It pays to stay alert.