

To summarize, DawDropper can cause multiple system infections that may lead to severe privacy issues, significant financial losses, and identity theft. While the listed applications are no longer available on Google Play, the likelihood that there are other DawDropper apps on the platform is high. Trend Micro analysts discovered malicious DawDropper apps named Call Recorder, Call recorder pro+, Conquer Darkness, Crypto Utils, Document Scanner, Document Scanner PRO, Eagle photo editor, Extra Cleaner, FixCleaner, Just In: Video Motion, Lucky Cleaner, Rooster VPN, Simpli Cleaner, Super Cleaner, Unicc QR Scanner, and Universal Saver Pro (screenshot below). Furthermore, malicious programs of this kind often have additional/other functionalities.

At the time of writing, all variants of DawDropper use Firebase Realtime Database, a genuine third-party cloud service, as their Command-and-Control (C&C) server and data storage, while the malicious payloads are hosted on GitHub.

As mentioned in the introduction, DawDropper was spread using multiple applications on the Google Play Store. Some banking trojans can even bypass 2FA/MFA (Two-Factor Authentication/Multi-Factor Authentication). These trojans can force-open phishing webpages disguised as online bank sites or overlay banking apps with windows that record log-in credentials entered into them. These payloads are data-stealing malicious programs that target banking information. This program has been observed infecting Android devices with ERMAC 2.0, Hydra, Octo, and TeaBot. DawDropper has been actively distributed on the Google Play Store under the guise of various system cleaning, messaging, image editing, and other applications.

DawDropper operates by downloading/installing additional malware, specifically banking trojans.

This dropper has been used to infect devices with various banking trojans.

DawDropper's developers offer this malicious program as a service (Malware-as-a-Service) so that cyber criminals can use it to spread their malicious software for a fee. It is classified as a dropper, a type of program designed to cause chain infections (i.e., download/install other malware). DawDropper is a piece of malicious software targeting Android operating systems.
