Seventeen malicious Android apps have been leveraged to infect devices with banking malware, reports The Hacker News.
Collectively called DawDropper, the apps include productivity and utility apps such as QR code readers, document scanners, call recorders, and VPN services, all of which have already been removed from the Google Play store, a Trend Micro report showed.
"DawDropper uses Firebase Realtime Database, a third-party cloud service, to evade detection and dynamically obtain a payload download address. It also hosts malicious payloads on GitHub," said researchers.
One of the dropper apps, dubbed "Unicc QR Scanner," had already been identified by Zscaler as containing the Octo, or Coper, banking trojan, which features screen recording capabilities, allowing threat actors to capture and exfiltrate sensitive data.
"Cybercriminals are constantly finding ways to evade detection and infect as many devices as possible. Additionally, because there is a high demand for novel ways to distribute mobile malware, several malicious actors claim that their droppers could help other cybercriminals disseminate their malware on Google Play Store, resulting in a dropper-as-a-service (DaaS) model," said researchers.
New banking trojan dropper apps identified