According to Trend Micro, a multinational cybersecurity company, a campaign run by cybercriminals used Google Play Store applications to capture user data by installing banking malware on Android. Cybercrime is increasingly common and caution must be constant. Read on to see which apps carried the banking malware on Android.
Understand the case
The apps used by the criminals are known as “Android droppers”, a subtype of malware whose purpose is to get another malicious file to run. In this case, seventeen dropper applications, collectively called DawDropper, are involved; they present themselves as productivity tools and utilities, such as a QR Code reader and a document scanner. The term dropper refers to this staged delivery: the app's own job is to fetch and run a second malicious file.
Trend Micro stated that DawDropper uses an online database called Firebase Realtime Database, a cloud storage service, to evade detection by protection tools and to dynamically obtain the address from which to download the payload.
In other words, the criminals rely on legitimate cloud services to host and deliver their downloads. The company says the malicious payloads are also hosted on GitHub.
How attacks work
Droppers are apps built to pass the security checks of Google's app store. Once on the device, they are used to download banking malware such as Octo (Coper), Hydra, Ermac and TeaBot. Everything starts with the user installing the application; from there the chain of attack begins: the apps that belong to DawDropper connect to cloud databases to receive the link to the malicious content, then download it and install it on the device.
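The staged behaviour described above (cloud database for the address, code-hosting site for the payload, then an install request) lends itself to a simple behavioural check. The following Python script is an added example and is not code from Trend Micro or from this article: it reads constructed, hypothetical event lines (the `pkg=`/`net=`/`action=` line format, the package names and the hostnames are all assumptions, not a real Android log format) and flags a package that fetches configuration from a Firebase-style database, then downloads an APK from a code-hosting site, then requests a package install, in that order and within a short time window. A self-updating app that only downloads an APK from GitHub, or an app that only reads from Firebase, is deliberately not flagged.

```python
"""Stage-chain detector for the dropper pattern described in the article.

Constructed example: the event-line format, package names and hostnames
below are assumptions for illustration, not any real Android log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Stage 1: a cloud database used to hand out the payload address dynamically.
CLOUD_DB_SUFFIXES = ("firebaseio.com",)
# Stage 2: code-hosting sites used to store the payload itself.
CODE_HOST_SUFFIXES = ("github.com", "githubusercontent.com")
# The three stages must appear in this order for one package.
STAGES = ("config_fetch", "apk_download", "install_request")

LINE_RE = re.compile(r"(?P<ts>\S+)\s+pkg=(?P<pkg>\S+)\s+(?P<kind>\w+)=(?P<value>.+)")


def parse_line(line):
    """Parse one constructed event line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "pkg": m["pkg"],
            "kind": m["kind"], "value": m["value"].strip()}


def host_of(value):
    """Extract the hostname from a value such as 'GET https://host/path'."""
    parts = value.split(None, 1)
    url = parts[1] if len(parts) == 2 else parts[0]
    return (urlparse(url).hostname or "").lower()


def _host_matches(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(event):
    """Map an event to a dropper stage name, or None if it is not a stage."""
    if event["kind"] == "net":
        host = host_of(event["value"])
        if _host_matches(host, CLOUD_DB_SUFFIXES):
            return "config_fetch"
        if _host_matches(host, CODE_HOST_SUFFIXES) and event["value"].lower().endswith(".apk"):
            return "apk_download"
    elif event["kind"] == "action" and event["value"].startswith("REQUEST_INSTALL_PACKAGES"):
        return "install_request"
    return None


def detect_droppers(lines, window=timedelta(minutes=10)):
    """Return {package: [stage timestamps]} for every package whose events
    contain all three stages in order, with the chain completed within `window`."""
    by_pkg = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        stage = classify(ev)
        if stage:
            by_pkg[ev["pkg"]].append((ev["ts"], stage))

    findings = {}
    for pkg, events in by_pkg.items():
        events.sort()  # chronological order
        idx, chain = 0, []
        for ts, stage in events:
            if stage == STAGES[idx]:  # next expected stage reached
                chain.append(ts)
                idx += 1
                if idx == len(STAGES):
                    break
        if idx == len(STAGES) and chain[-1] - chain[0] <= window:
            findings[pkg] = chain
    return findings


# Constructed sample events (hypothetical packages and hosts).
SAMPLE_LOG = """\
2022-07-29T10:00:01 pkg=com.example.qrscanner net=GET https://dropper-demo.firebaseio.com/cfg.json
2022-07-29T10:00:03 pkg=com.example.qrscanner net=GET https://github.com/placeholder/repo/releases/download/v1/stage2.apk
2022-07-29T10:00:06 pkg=com.example.qrscanner action=REQUEST_INSTALL_PACKAGES file=/sdcard/Download/stage2.apk
2022-07-29T10:00:07 pkg=com.example.notes net=GET https://github.com/placeholder/notes/releases/download/v2/notes.apk
2022-07-29T10:00:08 pkg=com.example.notes action=REQUEST_INSTALL_PACKAGES file=/sdcard/Download/notes.apk
2022-07-29T10:00:09 pkg=com.example.weather net=GET https://weather-demo.firebaseio.com/forecast.json
"""

if __name__ == "__main__":
    for pkg, chain in detect_droppers(SAMPLE_LOG.splitlines()).items():
        print(f"{pkg}: dropper stage chain at {[t.time().isoformat() for t in chain]}")
```

The order and time-window requirements are what keep the check from firing on ordinary apps: `com.example.notes` downloads and installs an APK but never consults a cloud database for its address, and `com.example.weather` only reads from Firebase, so only `com.example.qrscanner` is reported. Tune `CLOUD_DB_SUFFIXES`, `CODE_HOST_SUFFIXES` and `window` to the telemetry you actually have.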
All apps involved in the scam have been removed from the Play Store. Still, check the list and see whether you have downloaded any of them in the last few months:
- Call Recorder APK;
- VPN Rooster;
- Super Cleaner – hyper & smart;
- Document scanner – PDF Creator;
- Universal Saver Pro;
- Eagle photo editor;
- Call recorder pro+;
- Extra Cleaner;
- Crypto Utils;
- Just In: Video Motion;
- Lucky Cleaner;
- Simple Cleaner;
- Unicc QR reader;
The Octo malware, for example, disables Google Play Protect and uses remote access to record the victim's device screen and activity, including confidential banking information, email passwords and app data, all of which are sent to a remote server.
According to Trend Micro, cybercriminals are increasingly specialized and seek to manipulate the security mechanisms of app stores in order to illegally capture data from as many users as possible. Staying alert is essential.