Security News > 2022 > October > These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets

Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud.

Targets of these droppers include 231 banking and cryptocurrency wallet apps from financial institutions in Italy, the U.K., Germany, Spain, Poland, Austria, the U.S., Australia, France, and the Netherlands.

Dropper apps on official app stores like Google Play have increasingly become a popular and efficient technique to distribute banking malware to unsuspecting users, even as the threat actors behind those campaigns continually refine their tactics to bypass restrictions imposed by Google.

While Google's Developer Program Policy limits the use of the REQUEST INSTALL PACKAGES permission to prevent it from being abused to install arbitrary app packages, the dropper, once launched, gets around this barrier by opening a fake Google Play store page impersonating the app listing, leading to the download of the malware under the guise of an update.

Also spotted were three droppers that offered the advertised features but also came with a covert function that prompted the users to install an update upon opening the apps and grant them permission to install apps from unknown sources, leading to the delivery of Vultur.

The new variant of the trojan is notable for adding capabilities to extensively log user interface elements and interaction events, which ThreatFabric said could be a workaround to the use of the FLAG SECURE window flag by banking apps to prevent them from being captured in screenshots.

News URL

https://thehackernews.com/2022/10/these-dropper-apps-on-play-store.html