These Sinister Apps On Google Play Are Laced With Android Banking Malware, Delete ASAP
A new analysis by the Trend Micro Mobile Team has revealed an additional set of apps that users should ensure aren’t installed on their devices, as they contain a dropper variant that installs the Octo malware. The researchers have named this newly discovered dropper variant “DawDropper.” Seventeen different apps that were previously available on the Google Play Store contain this dropper.
Each variant connects to a Firebase Realtime Database that functions as the command-and-control (C2) server. The server then instructs the dropper to download and install a malicious payload from a GitHub repository. In the case of Octo, once installed, the malware disables security features like Google Play Protect and gains accessibility and admin permissions. It can then disable the infected device’s backlight and mute sounds while keeping the device on to collect sensitive information. Octo can collect banking credentials, email addresses, text messages, passwords, and more, then upload this information to a C2 server controlled by the threat actors. Android users should make sure they don’t have any of the apps shown in the image above installed on their devices.
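The chain described above (a Firebase Realtime Database lookup followed by a payload download from GitHub) can be hunted for in network logs. The following is an added example, not code from Trend Micro or the original article: it correlates the two events per device in a proxy log. The log format, the device names, the 10-minute window and the sample entries are all constructed assumptions, and because many legitimate apps use Firebase, a match is a lead for triage rather than proof of infection.

```python
from datetime import datetime, timedelta

# Constructed sample proxy log: timestamp, device id, host, URL path.
SAMPLE_LOG = """\
2022-08-01T10:00:05 dev-a example-app-1234.firebaseio.com /config.json
2022-08-01T10:01:40 dev-a raw.githubusercontent.com /someuser/somerepo/main/update.apk
2022-08-01T10:02:00 dev-b example-chat.firebaseio.com /messages.json
2022-08-01T10:30:00 dev-b github.com /someuser/docs/blob/main/README.md
2022-08-01T11:00:00 dev-c raw.githubusercontent.com /someuser/tool/main/tool.apk
2022-08-01T12:00:00 dev-d other-app.firebasedatabase.app /cfg.json
2022-08-01T12:45:00 dev-d github.com /someuser/somerepo/releases/download/v1/a.apk
"""

# Hostname suffixes used by Firebase Realtime Database instances.
FIREBASE_SUFFIXES = (".firebaseio.com", ".firebasedatabase.app")
# Hosts from which GitHub serves repository files and release assets.
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com",
                "objects.githubusercontent.com"}
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment


def parse(log):
    """Yield (timestamp, device, host, path) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, device, host, path = parts
        yield datetime.fromisoformat(ts), device, host.lower(), path


def find_dropper_pattern(log, window=WINDOW):
    """Flag devices that fetch an APK from GitHub shortly after a Firebase
    Realtime Database request, the sequence the article attributes to DawDropper."""
    last_firebase = {}  # device -> (time, host) of most recent Firebase request
    hits = []
    for ts, device, host, path in sorted(parse(log)):
        if host.endswith(FIREBASE_SUFFIXES):
            last_firebase[device] = (ts, host)
        elif host in GITHUB_HOSTS and path.lower().endswith(".apk"):
            seen = last_firebase.get(device)
            if seen and ts - seen[0] <= window:
                hits.append((device, seen[1], host + path))
    return hits


if __name__ == "__main__":
    for device, c2_host, payload in find_dropper_pattern(SAMPLE_LOG):
        print(f"{device}: {c2_host} -> {payload}")
```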