Security News > 2022 > July > Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware.
These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others.
Droppers are apps designed to sneak past Google's Play Store security checks, following which they are used to download more potent and intrusive malware on a device, in this case, Octo, Hydra, Ermac, and TeaBot.
The list of malicious apps previously available from the app store is below -.
Included among the droppers is an app named "Unicc QR Scanner" that was previously flagged by Zscaler earlier this month as distributing the Coper banking trojan, a variant of the Exobot mobile malware.
"Additionally, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other cybercriminals disseminate their malware on Google Play Store, resulting in a dropper-as-a-service model."
News URL
https://thehackernews.com/2022/07/over-dozen-android-apps-on-google-play.html
Related news
- New North Korean Android spyware slips onto Google Play (source)
- Malicious Android 'Vapor' apps on Google Play installed 60 million times (source)
- Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (source)
- BadBox malware disrupted on 500K infected Android devices (source)
- North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (source)
- Google Gemini's Astra (screen sharing) rolls out on Android for some users (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)