"Android Malware Droppers With 130K Installs Found on Google Play"

A set of Android malware droppers was discovered infiltrating the Google Play store and installing banking trojans disguised as app updates. Malware droppers are a difficult category of apps to stop because they do not contain malicious code and, therefore, can pass Google Play reviews more easily when submitted to the store. At the same time, they do not raise user suspicion because they provide the advertised functionality, and malicious behavior occurs behind the scenes. Researchers at ThreatFabric discovered the new set of droppers, noting an increase in the use of droppers for Android malware distribution because of their ability to provide a stealthy pathway to infecting devices. This is especially important given the increasing restrictions and safeguards introduced with each major Android release, which prevent malware from abusing permissions, fetching malicious modules from external resources, or using the Accessibility service to perform unlimited actions on the device. The first dropper campaign discovered by ThreatFabric in early October 2022 promotes the banking trojan known as SharkBot, an Android malware that can steal credentials by overlaying fake login prompts on legitimate website login forms, perform keylogging, steal and hide SMS messages, and remotely control a mobile device. In addition, the researchers discovered two seemingly innocuous dropper apps called 'Codice Fiscale 2022' and 'File Manager Small, Lite,' which are used to install SharkBot on victims' mobile devices. This article continues to discuss the set of Android malware droppers found on the Google Play store.

Bleeping Computer reports "Android Malware Droppers With 130K Installs Found on Google Play"

Submitted by Anonymous on