Google is locked in an endless game of cat and mouse with threat actors who use different techniques to sneak malware-ridden apps into the Play Store. We write quite regularly about newly discovered batches of malicious apps that went unrecognized long enough to infect hundreds of thousands or even millions of Android devices.
Malware found in the Play Store often steals confidential information, including text messages, contact lists, banking credentials, and device information, from unsuspecting users. This persistent threat in the Google Play Store means Android users need to stay alert so that they do not inadvertently install malicious applications.
A new analysis by the Trend Micro Mobile Team revealed an additional set of applications that users should make sure are not installed on their devices, since they contain a dropper variant that installs the Octo malware. The researchers named this newly discovered dropper variant "DawDropper". Seventeen different apps that were previously available in the Google Play Store contain this dropper.
Google can detect malicious content included directly in an app on the Play Store, but threat actors can avoid this detection by uploading apps that contain a dropper instead. Once an unaware victim installs one of these applications, the dropper downloads and installs a malicious payload. According to Trend Micro, the DawDropper variants download and install different banking trojans, including Octo, Hydra, Ermac and TeaBot.
Each variant connects to a Firebase Realtime Database, which works as a command and control (C2) server. The server then tells the dropper to download and install a malicious payload from a GitHub repository. In the case of Octo, once installed, the malware deactivates security features such as Google Play Protect and obtains access and administration permissions.
It can then disable the backlight of the infected device and mute its sounds while keeping the device on in order to collect confidential information. Octo can collect bank credentials, email addresses, text messages, passwords and more, and then upload this information to a C2 server controlled by the threat actors. Android users should make sure they have none of these apps on their devices.
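The sequence described above (an app contacts a Firebase Realtime Database and then downloads an APK from GitHub) can be hunted for in per-app web request logs. The following is an added example, not code from Trend Micro or from this article; the log format, package names, URLs and the five-minute window are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed log lines: timestamp, device id, app package, requested URL.
# All names, hosts and paths are placeholders, not indicators from the report.
SAMPLE_LOG = """\
2022-08-01T10:00:02 dev-01 com.example.scanner https://example-app-1234.firebaseio.com/config.json
2022-08-01T10:00:09 dev-01 com.example.scanner https://github.com/example-user/example-repo/raw/main/update.apk
2022-08-01T10:05:00 dev-02 com.example.notes https://example-notes.firebaseio.com/notes.json
2022-08-01T11:30:00 dev-02 com.example.notes https://github.com/example-user/tools/raw/main/tool.apk
2022-08-01T12:00:00 dev-03 com.example.store https://raw.githubusercontent.com/example-user/repo/main/app.apk
"""

# Hostnames used by Firebase Realtime Database instances.
FIREBASE_RTDB = re.compile(r"^https://[^/]+\.(firebaseio\.com|firebasedatabase\.app)/")
# An APK fetched from a GitHub-hosted location.
GITHUB_APK = re.compile(
    r"^https://(github\.com|raw\.githubusercontent\.com|objects\.githubusercontent\.com)"
    r"/.*\.apk(\?.*)?$", re.IGNORECASE)
WINDOW = timedelta(minutes=5)  # assumed correlation window

def find_dropper_pattern(log_text, window=WINDOW):
    """Return (device, package, firebase_url, apk_url) for every app that
    contacts a Firebase Realtime Database and then fetches an APK from
    GitHub within `window`."""
    last_firebase = {}  # (device, package) -> (time, url) of latest Firebase request
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, device, package, url = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        key = (device, package)
        if FIREBASE_RTDB.match(url):
            last_firebase[key] = (when, url)
        elif GITHUB_APK.match(url) and key in last_firebase:
            seen, fb_url = last_firebase[key]
            if when - seen <= window:
                hits.append((device, package, fb_url, url))
    return hits

if __name__ == "__main__":
    for hit in find_dropper_pattern(SAMPLE_LOG):
        print("suspicious:", hit)
```

Only `dev-01` is flagged: `dev-02` fetches its APK outside the window and `dev-03` never contacts Firebase. Both services are widely used by legitimate apps, so a match is a lead for review, not a verdict.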