November 6, 2023 at 10:06AM
Researchers have discovered a new dropper-as-a-service (DaaS) for Android called SecuriDropper that bypasses Google’s security restrictions and delivers malware. Dropper malware on Android is a lucrative business for threat actors because it lets them install malicious payloads on compromised devices. SecuriDropper disguises itself as a harmless app and uses a different Android API to install the malware. A similar tool called Zombinder has also been identified. Cybercriminals are adapting and using DaaS platforms to distribute spyware and banking trojans.
Key Takeaways:
– Cybersecurity researchers discovered a new dropper-as-a-service (DaaS) for Android called SecuriDropper, which bypasses Google’s security restrictions and delivers malware.
– Dropper malware on Android is lucrative for threat actors as it allows them to install payloads on compromised devices and advertise their capabilities to other criminal groups.
– The introduction of Restricted Settings in Android 13 prevents sideloaded applications from obtaining permissions often abused by banking trojans.
– SecuriDropper disguises itself as a harmless app and uses a different Android API to install new payloads, mimicking the process used by marketplaces for application installation.
– Android banking trojans like SpyNote and ERMAC have been distributed via SecuriDropper on deceptive websites and third-party platforms.
– Another dropper service called Zombinder has also been observed offering a similar bypass for Restricted Settings, but it’s unclear if there is any connection between the two tools.
– Dropper-as-a-Service (DaaS) platforms have become potent tools for cybercriminals to infiltrate devices and distribute spyware and banking trojans.