Security News > 2022 > August > Cybercriminals Developing BugDrop Malware to Bypass Android Security Features
In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development.
Dubbed BugDrop by the Dutch security firm, the dropper app is explicitly designed to defeat new features introduced in the upcoming version of Android that aim to make it difficult for malware to request Accessibility Services privileges from victims.
ThreatFabric attributed the dropper to a cybercriminal group known as "Hadoken Security," which is also behind the creation and distribution of the Xenomorph and Gymdrop Android malware families.
Banking trojans are typically deployed on Android devices through innocuous dropper apps that pose as productivity and utility apps, which, once installed, trick users into granting invasive permissions.
Notably, the Accessibility API, which lets apps read the contents of the screen and perform actions on behalf of the user, has come under heavy abuse, enabling malware operators to capture sensitive data such as credentials and financial information.
Users are advised to avoid falling victim to malware hidden in official app stores by only downloading applications from known developers and publishers, scrutinizing app reviews, and checking their privacy policies.
News URL
https://thehackernews.com/2022/08/cybercriminals-developing-bugdrop.html
Related news
- Vultur banking malware for Android poses as McAfee Security app (source)
- Cybercriminals harness AI for new era of malware development (source)
- PixPirate Android malware uses new tactic to hide on phones (source)
- Drozer: Open-source Android security assessment framework (source)
- Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals (source)
- Winnti's new UNAPIMON tool hides malware from security software (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- SoumniBot malware exploits Android bugs to evade detection (source)