Malicious actors have always tried to work their way around Google Play Store security protections. Recently, Han Sahin from ThreatFabric, stated that the company had found this new malware, which is trying to spread the Xenomorph banking trojan. This extremely dangerous trojan allows the criminal to perform On-Device Fraud on the victim’s devices.
The malware has been dubbed BugDrop by the Duch security firm, and this dropper app is designed explicitly to combat the new features that Android has introduced in the new version of the Android OS. Android planned to make it difficult for the malware to request Accessibility Services privileges from the victims. However, BugDrop is trying to defeat it.
According to ThreatFabrics, the dropper was the work of a cybercriminal group known as Hadoken Security, which is also known to be behind the creation and distribution of the Android malware families Xenomorph and Gymdrop.
Typically, banking trojans are developed on Android devices and use innocuous dropper apps, which pose as utility or productivity apps. Once they are installed, they trick the victim into granting them various invasive permissions.
Furthermore, the Accessibility API allows the app to read the screen’s contents and even perform actions on behalf of the user. Therefore, it is heavily abusive and enables the malware operators to be able to capture sensitive data. This data includes credentials and financial information.
Overlay attacks are what allow the malware to execute such acts. The trojan shows a fake lookalike login form, which is retrieved from a remote server when the victim opens the desired app.
However, since many of the malicious apps are sideloaded, something possible if the user has allowed installation from unknown sources, Android 13 has taken the necessary steps to block the accessibility API access to apps that have been installed from outside the app store.
- The Racoon Stealer Malware is Back – Organizations Need Protection Once More
- Russian Hackers Distributing Android Malware Amidst the Ukraine Crisis
- Joker, Facestealer, and Coper Malware Rampant in New Play Store Apps
- Malwarebytes vs Avast
- The Android Banking Trojan, SOVA Returns With New Capabilities and Targets