Despite Google’s privacy and security efforts, cybercriminals are still frequently shown to find ways to hide from the tech giant’s oversight and infect Android phones.
A new Trendmicro report warns of a series of applications infected with banking malware that can leave your checking account to zero.
Infected with DawDropper
On this occasion, the security report places special emphasis on the DawDropper malware, whose objective is to steal your data from the banking applications of your phone . The stolen data includes PIN codes, banking credentials, passwords, etc. This malware can both intercept the communicated text and gain complete control of the affected device, thus potentially stealing money from your bank account.
DawDropper spreads via malicious applications designed by malware authors who are able to bypass the security controls of the Google Play Store by using a third-party cloud service , or by downloading code stored on GitHub. After that, it places banking Trojans on compromised devices. DawDropper has some variants that produce four types of banking Trojans, such as Octo, Hydra, Ermac, and TeaBot.
Among the many evils that this malware can do are the following:
- Monitor and track user activities on your phone.
- Steal credentials (includes PIN codes, bank credentials, passwords to your banking apps).
- Get full access to the user’s SMS services, contact numbers and phone calls.
- Run scripts in the background to steal the username and password of financial applications.
- Modify device browser settings, wallpapers, and lock screen.
- Perform abnormalities on the devices, such as starting third-party applications or force a sudden reboot without your consent.
Malicious apps on Android
The following are the malicious apps found on the Google Play Store that implement the malware. To help distinguish those with somewhat more generic names, Trendmicro has also shared an image with the latest icons they had in the official Android store.
- call recorder
- RoosterVPN
- Super Cleaner – hyper & smart
- Document Scanner-PDF Creator
- Universal Saver Pro
- eagle photo editor
- call recorder pro+
- Extra Cleaner
- Crypto Utils
- Fix Cleaner
- Just In: VideoMotion
- Lucky Cleaner
- Simple Cleaner
- Unicc QR Scanner
The last one on the list, Unicc QR Scanner, was also previously classified as a malicious application because it distributed the Coper banking Trojan. Furthermore, it can also deploy another banking Trojan, Octo malware, which has the ability to register and control the compromised device, steal credentials and use your device for fraudulent activities.
As we can see, it masquerades as productivity apps and utilities, such as call recorders, document and QR code scanners, and VPN services. Detected apps are no longer available on the Play Store , so it’s up to users to remove them if they’re still on their devices. If you find any malware app on your device, you can remove it by accessing the settings of your Android phone and, once there, enter the ‘Apps’ section, where you can stop and/or remove it.