Date: 2022-08-04

A new malicious campaign used four different malware families, hidden in at least 17 apps, to launch attacks that steal passwords and banking credentials from Android users. The software is part of an even larger criminal scheme, in which crooks sell malware delivery as a service to anyone willing to carry out attacks.

The details of the dropper-as-a-service (DaaS) operation were brought to light by TrendMicro, a security company that also notified Google so the rogue apps could be removed. According to the researchers, the malware involved and the format of the campaign have been around since 2021, with software masquerading mainly as cleaning apps, but also as utilities and games, being used to open the door to infection.

The wave of attacks, called DawDropper, takes full advantage of hosting on legitimate services as a way of evading detection and ensuring successful infections. In addition to the apps that were available on the Google Play Store, the malicious payloads fetched by the droppers for the four malware families were hosted on GitHub and on other well-known cloud computing platforms.

17 malicious apps were used in the DawDropper campaign, which has been targeting Android users with banking viruses and stealing passwords since 2021 (Image: Reproduction/TrendMicro)

The apps used in this campaign are as follows:

- Call Recorder;
- Call Recorder Pro+;
- VPN Rooster;
- Super Cleaner;
- Extra Cleaner;
- FixCleaner;
- Lucky Cleaner;
- Simple Cleaner;
- Document Scanner;
- Document Scanner Pro;
- Universal Saver Pro (two versions);
- Unicc QR Scanner;
- Eagle Photo Editor;
- Just In: Video Motion;
- Conquer Darkness;
- Crypto Utils.

They were used, for example, to deliver TeaBot, a powerful banking trojan that often appears on lists of top threats against the Android operating system. It is capable of recording what the user types and also of intercepting two-factor authentication codes, allowing access to protected services and user information.

Another delivered malware family, Octo, goes even further, abusing the permissions the victim grants to what they believe are legitimate apps in order to capture the screen and steal information from browsers. It is also capable of changing settings to keep the phone unlocked while files are uploaded to the criminals, for example, or lowering the screen brightness to the minimum so that the user does not notice that something is wrong.

The campaign also delivered the Hydra and Ermac malware families, both already known in the Android ecosystem and with hundreds of thousands of victims. Again, these are banking trojans that record typed data and steal victims' personal information to access banking apps and private email and social media profiles.

How to avoid downloading dangerous apps on Android?

Malicious campaigns target the Play Store, precisely because it is the most popular store for Android; still, using the official marketplace is still the best route to security (Image: Mika Baumeister/Unsplash)

As stated by TrendMicro, this is a campaign that has been active since at least 2021. Malicious developers are able to bypass Play Store defenses using so-called droppers, which start the infection only after the seemingly harmless app has already been installed on the victim's phone.

Even so, using the official Android store remains the best way to protect the platform. It is best to avoid downloading apps that you do not know or that have low install counts, and to pay attention to comments and ratings, which can give you signs of danger.

Before downloading, it is also worth looking online for reliable solutions and recognized developers. A search can bring up lists of quality apps that do what you need, as well as reports like this one that list dangerous software.

Finally, it is worth keeping the operating system up to date and keeping security software always running on the smartphone. Even with the removal of the aforementioned apps from the Play Store, those who previously downloaded them are still at risk; if this is your case, run a full device scan and stop using sensitive apps until you are sure the device is safe again.

Source: TrendMicro