Security News > 2022 > July > Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware.
These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others.
Droppers are apps designed to sneak past Google's Play Store security checks, following which they are used to download more potent and intrusive malware on a device, in this case, Octo, Hydra, Ermac, and TeaBot.
The list of malicious apps previously available from the app store is below -.
Included among the droppers is an app named "Unicc QR Scanner" that was previously flagged by Zscaler earlier this month as distributing the Coper banking trojan, a variant of the Exobot mobile malware.
"Additionally, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other cybercriminals disseminate their malware on Google Play Store, resulting in a dropper-as-a-service model."
News URL
https://thehackernews.com/2022/07/over-dozen-android-apps-on-google-play.html
Related news
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)
- Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (source)
- How Google tracks Android device users before they've even opened an app (source)
- Google fixes Android zero-day exploited by Serbian authorities (source)