Published: September 25, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
Since opening over a decade ago, Google Play Store has evolved into a site that is worth questioning for downloading malware apps. Despite blocking 1.2 million apps last year and introducing Google Play Protect as a safety net, malware continues to plague the Store. Enter DawDropper a malicious banking trojan recently found in 13 Google Play apps they know the names for and a few more, not confirmed.
Trend Micro researchers discovered the apps carried DawDropper banking malware. DawDropper is a dropper-style banking trojan that hides in apps but doesn’t activate until a user downloads it. All suspected apps have since been removed from Play Store, but not before an unknown number of Android users downloaded them.
Now is the perfect time to make sure you didn’t download any of these apps onto your mobile device. If you did, delete them immediately since they can continue doing damage while still installed, and quickly change passwords for all sensitive accounts.
DawDropper’s Banking Trojan Dangers
Banking trojans were created to steal, you guessed it, money. These trojans have differing methods but all have the same goal. DawDropper, according to Trend Micro’s research, is “capable of stealing banking information, intercepting text messages, and hijacking infected devices.”
The Trend Micro team finds since earlier this year, an increased number of banking trojans began turning up on Play Store. They too were malicious droppers, helping prove the dropper method works. DawDropper’s ability to avoid Google’s virus detection measures includes disabling Google Play Protect. Play Protect was designed as a safety net keeping downloaded apps from releasing their harmful code.
The team comments “because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other cybercriminals disseminate their malware on Google Play Store, resulting in a dropper-as-a-service (DaaS) model.” As DaaS continues to grow in popularity, malicious actors can offer DawDropper for rent to other’s wanting to install their malware on Play Store apps.
What You Can Do
Keeping your Android apps virus-free can be a challenge, whether they’re productivity apps or for gaming fun. In today’s “malware-mania” environment, there are app security steps all users can take. Make sure your devices have anti-virus software installed and kept up-to-date. Always avoid “sideloading” apps from third-party sites. These typically do not go through the cyber-scrutiny that the ones in the official stores do. Although not flawless, Google Play Store scans apps for malware. Always read app reviews since that’s where other’s leave remarks about problematic issues some apps have.
Taking security steps along with a dose of common sense can help keep banking trojans like DawDropper from making a home on your mobile device.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com