According to a report from security research firm Trend Micro, these malware apps are designed to steal users’ data, including banking credentials, PINs, passwords, and other information. The apps can also intercept text messages and infect devices with malware.

Apps that slip past Google Play Store’s security checks and then install a malicious payload on the phone are known as dropper apps, and they are distributed under a dropper-as-a-service (DaaS) model.

“Malicious actors have been surreptitiously adding a growing number of banking trojans to Google Play Store via malicious droppers this year, proving that such a technique is effective in evading detection,” Trend Micro wrote in a blog post. “Additionally, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other cybercriminals disseminate their malware on Google Play Store.”

Late last year, Trend Micro found a malicious campaign that used a new dropper variant, which it dubbed DawDropper. The following Android apps were originally found in the Google Play Store and have since been removed:

- Call Recorder APK (com.caduta.aisevsk)
- Rooster VPN (com.vpntool.androidweb)
- Super Cleaner- hyper & smart (com.j2ca.callrecorder)
- Document Scanner – PDF Creator (com.codeword.docscann)
- Universal Saver Pro (com.virtualapps.universalsaver)
- Eagle photo editor (com.techmediapro.photoediting)
- Call recorder pro+ (com.chestudio.callrecorder)
- Extra Cleaner (com.casualplay.leadbro)
- Crypto Utils (com.utilsmycrypto.mainer)
- FixCleaner (com.cleaner.fixgate)
- Just In: Video Motion (com.olivia.openpuremind)
- myunique.sequencestore
- flowmysequto.yamer
- qaz.universalsaver
- Lucky Cleaner (com.luckyg.cleaner)
- Simpli Cleaner (com.scando.qukscanner)
- Unicc QR Scanner (com.qrdscannerratedx)

If you have any of the apps listed above installed on your Android smartphone, uninstall them immediately.

“Cybercriminals are constantly finding ways to evade detection and infect as many devices as possible. In a half-year span, we have seen how banking trojans have evolved their technical routines to avoid being detected, such as hiding malicious payloads in droppers,” Trend Micro concluded. “As more banking trojans are made available via DaaS, malicious actors will have an easier and more cost-effective way of distributing malware disguised as legitimate apps. We foresee that this trend will continue and more banking trojans will be distributed on digital distribution services in the future.”

To stay safe from malicious apps, users should always check app reviews for unusual concerns or negative experiences, apply due diligence when looking into app developers and publishers, and avoid downloading apps from suspicious-looking websites or unknown sources.
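
For anyone checking more than one phone, the uninstall check above can be run against a device's package inventory. The script below is an added example, not part of Trend Micro's report: it takes `pm list packages` output (as returned over `adb shell`) and prints every installed package ID that appears in the list on this page. The function names, the sample inventory, and the suffix match for the three IDs printed without a prefix are assumptions made for this example.

```shell
#!/bin/sh
# Package IDs copied from the list on this page; the three entries without a
# "com."-style prefix are kept exactly as printed.
DROPPER_IDS='
com.caduta.aisevsk com.vpntool.androidweb com.j2ca.callrecorder
com.codeword.docscann com.virtualapps.universalsaver
com.techmediapro.photoediting com.chestudio.callrecorder
com.casualplay.leadbro com.utilsmycrypto.mainer com.cleaner.fixgate
com.olivia.openpuremind myunique.sequencestore flowmysequto.yamer
qaz.universalsaver com.luckyg.cleaner com.scando.qukscanner
com.qrdscannerratedx
'

# Reads `pm list packages` (or `pm list packages -f`) output on stdin and
# prints each installed package ID that matches the list, one per line.
# tr strips the CR that older adb versions append; sed drops the "package:"
# prefix and, for -f output, the APK path up to the last "=".
flag_dropper_packages() {
    tr -d '\r' | sed -n 's/^package:\(.*=\)*//p' |
    while IFS= read -r pkg; do
        for id in $DROPPER_IDS; do
            case "$pkg" in
                # Exact match, or (assumption) a match on the trailing
                # components for IDs the page prints without a prefix.
                "$id"|*".$id") printf '%s\n' "$pkg"; break ;;
            esac
        done
    done
}

# Constructed sample inventory, not captured from a real device.
sample_inventory() {
    cat <<'EOF'
package:com.android.chrome
package:com.vpntool.androidweb
package:/data/app/~~Zx1==/com.cleaner.fixgate-1/base.apk=com.cleaner.fixgate
package:com.qaz.universalsaver
package:com.vpntool.androidweb2
EOF
}

sample_inventory | flag_dropper_packages
# On a connected device: adb shell pm list packages | flag_dropper_packages
```

An empty result only means none of the listed IDs is installed; it says nothing about other droppers.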