According to Trend Micro, a multinational specializing in cybersecurity, a campaign carried out by cybercriminals used applications from the Google Play Store to capture user data by installing banking malware on Android devices. Cyber crimes are increasingly common, and care must be constant! Continue reading to see which applications were involved in delivering banking malware on Android.
Understand the case
The apps used by the criminals are known as “Android droppers”, a subtype of malware designed to allow the execution of another malicious file. In this case, seventeen dropper applications, known as DawDropper, are involved; they present themselves as productivity tools and utilities, such as a QR code reader and a document scanner. The term used (dropper) refers precisely to a slow and precise transfer of the users' personal data.
Trend Micro has stated that DawDropper makes use of an online database called the Firebase Realtime Database, a cloud storage service, to avoid detection by protection tools and to dynamically obtain the address from which to download the payload.
In other words, the criminals operate through cloud storage with enough space for the downloads to be carried out. The company says that the malicious downloadable payloads are also hosted on GitHub.
How attacks work
Droppers are apps designed to pass the security checks of Google's app store. Once past those checks, they are used to download malware that invades the device, such as Octo (Coper), Hydra, Ermac and TeaBot. Everything starts with the user downloading the application. Once it is installed, the sequence of attacks begins: the apps that are part of DawDropper connect to databases in the cloud to receive the link to the malicious content and install it on the device.
All apps involved in the scheme have been removed from the Play Store. Still, check the list and see if you've downloaded any of them in the last few months:
- Call Recorder APK;
- VPN Rooster;
- Super Cleaner – hyper & smart;
- Document Scanner – PDF Creator;
- Universal SaverPro;
- Eagle photo editor;
- Call Recorder pro+;
- Extra Cleaner;
- CryptoUtils;
- FixCleaner;
- Just In: Video Motion;
- Lucky Cleaner;
- Simple Cleaner;
- Unicc QR reader;
- com.myunique.sequencestore;
- com.flowmysequto.yamer;
- com.gaz.universalsaver.
The Octo malware, for example, disables Google Play Protect and uses remote computing to record the victim's device screen and its activity, including confidential bank information, e-mail passwords and applications, all of which are sent to a remote server.
According to Trend Micro, more and more cybercriminals specialize and seek to manipulate the security mechanisms of stores and capture data from the largest number of users illegally. You have to be careful.