"🔧 Innovative Malware Delivery via SecuriDropper 📲 #TechTactics"
SecuriDropper uses unique API calls to mimic legitimate app installation, ensuring the delivery of malicious payloads. It's a clever twist in the cybercrime saga!
SecuriDropper is a new dropper-as-a-service (DaaS) operation targeting Android. It can bypass Google's security measures and deliver malware. Dropper malware on Android is a tool that cybercriminals use to install harmful software on compromised devices. It allows attackers to separate the development of the attack from the installation of the malware.
Google introduced "Restricted Settings" in Android 13 to prevent apps from outside the official store from gaining certain permissions. However, SecuriDropper disguises itself as a harmless app to get around this security measure. Notably, it uses a different Android feature to make it look as though it is installing apps from the official store, and it asks for permissions to access external storage and install packages. ThreatFabric has observed SecuriDropper distributing banking trojans like SpyNote and ERMAC. Another tool, Zombinder, was also seen using a similar bypass method, although it's unclear whether the two are connected. Android's security is constantly evolving, and DaaS platforms have become powerful tools for cybercriminals. Google emphasizes user control over permissions and the role of Google Play Protect in keeping Android devices safe.
#AndroidMalware #CyberAttack #InfoSec
Source: The Hacker News
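
For defenders triaging sideloaded APKs, the permission pairing described above (external storage access plus package installation) can be checked in a decoded manifest. This is an added example, not code from the post or from ThreatFabric; the sample manifests and package names are constructed, and a match is a reason to look closer, not a verdict, since file managers and app stores request the same permissions.

```python
import xml.etree.ElementTree as ET

# Attribute name for android:name once the XML namespace is expanded.
NAME = "{http://schemas.android.com/apk/res/android}name"
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"
STORAGE = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
}

def requested_permissions(root):
    """Collect every permission the manifest requests."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(NAME)
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml):
    """Flag a decoded AndroidManifest.xml that asks for storage AND install rights."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    storage = sorted(perms & STORAGE)
    can_install = INSTALL in perms
    return {"package": root.get("package"), "storage": storage,
            "can_install": can_install, "flag": can_install and bool(storage)}

# Constructed sample: requests the pairing described in the post.
DROPPER_LIKE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.updater">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Updater"/>
</manifest>"""

# Constructed sample: storage access only, so it is not flagged.
GALLERY = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gallery">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Gallery"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (DROPPER_LIKE, GALLERY):
        print(triage(sample))
```

The input is assumed to be a manifest already decoded to plain XML; the binary manifest inside an APK has to be decoded first.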