{"id":468,"date":"2022-08-06T14:40:02","date_gmt":"2022-08-06T14:40:02","guid":{"rendered":"https:\/\/cybersecuritynest.com\/?p=468"},"modified":"2022-09-04T11:46:54","modified_gmt":"2022-09-04T11:46:54","slug":"over-a-dozen-android-apps-on-google-play-store-caught-dropping-banking-malware","status":"publish","type":"post","link":"https:\/\/cybersecuritynest.com\/?p=468","title":{"rendered":"Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware"},"content":{"rendered":"<p>A malicious campaign leveraged seemingly harmless Android dropper apps on the Google Play Store to compromise users&#8217; devices with banking malware.<\/p>\r\n\r\n\r\n\r\n<p>These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps 
such as document scanners, QR code readers, VPN services, and call recorders, among others. All of the apps in question have been removed from the app marketplace.<\/p>\r\n\r\n\r\n\r\n<p>&#8220;DawDropper uses Firebase Realtime Database, a third-party cloud service, to evade detection and dynamically obtain a payload download address,&#8221; the researchers said. &#8220;It also hosts malicious payloads on GitHub.&#8221;<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"728\" height=\"319\" class=\"wp-image-469\" src=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/08\/apps.jpg\" alt=\"\" srcset=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/08\/apps.jpg 728w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/08\/apps-300x131.jpg 300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure>\r\n\r\n\r\n\r\n<p>Droppers are apps designed to sneak past Google&#8217;s Play Store security checks, after which they&#8217;re used to download more potent and intrusive malware onto a device, in this case Octo (Coper), Hydra, Ermac, and TeaBot.<\/p>\r\n\r\n\r\n\r\n<p>Attack chains involved the DawDropper malware establishing connections with a Firebase Realtime Database to obtain the GitHub URL needed to download the malicious APK file.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\r\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"728\" height=\"686\" data-id=\"470\" class=\"wp-image-470\" src=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/08\/malware.jpg\" alt=\"\" srcset=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/08\/malware.jpg 728w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/08\/malware-300x283.jpg 
300w\" sizes=\"(max-width: 728px) 100vw, 728px\" \/><\/figure>\r\n<\/figure>\r\n\r\n\r\n\r\n<p><br \/>The list of malicious apps previously available from the app store is below &#8211;<\/p>\r\n\r\n\r\n\r\n<p>Call Recorder APK (com.caduta.aisevsk)<br \/>Rooster VPN (com.vpntool.androidweb)<br \/>Outstanding purifier- hyper &amp; smart (com.j2ca.callrecorder)<br \/>Document Scanner &#8211; PDF creator (com.codeword.docscann)<br \/>General Saver pro (com.virtualapps.universalsaver)<br \/>Eagle photo editor (com.techmediapro.photoediting)<br \/>Call recorder seasoned+ (com.chestudio.callrecorder)<br \/>Greater purifier (com.casualplay.leadbro)<br \/>Crypto Utils (com.utilsmycrypto.mainer)<br \/>FixCleaner (com.cleaner.fixgate)<br \/>Simply In: Video movement (com.olivia.openpuremind)<br \/>com.myunique.sequencestore<br \/>com.flowmysequto.yamer<br \/>com.qaz.universalsaver<br \/>Lucky cleaner (com.luckyg.cleaner)<br \/>Simpli cleanser (com.scando.qukscanner)<br \/>Unicc QR Scanner (com.qrdscannerratedx)<\/p>\r\n\r\n\r\n\r\n<p>Included among the droppers is an app named &#8220;Unicc QR Scanner&#8221; that was previously flagged by Zscaler this month as distributing the Coper banking trojan, a variant of the Exobot mobile malware.<\/p>\r\n\r\n\r\n\r\n<p>Octo is also known to disable Google Play Protect and use virtual network computing (VNC) to record a victim device&#8217;s screen, including sensitive information such as banking credentials, email addresses and passwords, and PINs, all of which are subsequently exfiltrated to a remote server.<\/p>\r\n\r\n\r\n\r\n<p>Banking droppers, for their part, have evolved since the start of the year, pivoting away from hard-coded payload download addresses to using an intermediary to conceal the address hosting the malware.<\/p>\r\n\r\n\r\n\r\n<p>&#8220;Cybercriminals are constantly finding ways to evade detection and infect as many devices as possible,&#8221; the researchers 
said.<\/p>\r\n\r\n\r\n\r\n<p>&#8220;Moreover, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other cybercriminals disseminate their malware on Google Play Store, resulting in a dropper-as-a-service (DaaS) model.&#8221;<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>A malicious campaign leveraged seemingly harmless Android dropper apps on the Google Play Store to compromise users&#8217; devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":472,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[9,13],"tags":[162],"class_list":["post-468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attack","category-mobile","tag-twitter"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/468"}],"collection":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=468"}],"version-history":[{"count":2,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/468\/revisions"}],"predecessor-version":[{"id":681,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/468\/revisions\/681"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/media\/472"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=468"}],"curies":[{"name":"wp","href":
"https:\/\/api.w.org\/{rel}","templated":true}]}}