Dangerous applications are again threatening Android users. This time security researchers found 17 malicious applications on the Google Play Store that spread banking malware to break into user accounts.
Researchers from Trend Micro refer to these 17 malicious applications as DawDropper. These rogue apps are classified as droppers because they only download malicious malware after it is installed on the device to avoid detection by Google Play Protect.
"DawDropper uses Firebase Realtime Database, a third-party cloud service, to evade detection and dynamically obtain the download payload address. They also host malicious payloads on GitHub," said Trend Micro researchers, as quoted by The Hacker News, Monday (1/8). /2022).
Trend Micro says most of these malicious apps masquerade as productivity apps and tools such as document scanners, QR code readers, VPN services and call recorders. Once installed on the phone, then these applications download dangerous malware such as Octo (Coper), Hydra, Ermac, and TeaBot.
Octo malware is known to be able to turn off the Google Play Protect service and intercept incoming SMS. This malware also uses virtual network computing (VNC) to record the victim's device screen and retrieve sensitive information such as online banking credentials, email addresses and passwords, and PINs which are then used to break into the victim's account.
Here's a list of 17 malicious apps that Trend Micro found:
Call Recorder APK (com.caduta.aisevsk)
Rooster VPN (com.vpntool.androidweb)
Super Cleaner- hyper & smart (com.j2ca.callrecorder)
Document Scanner - PDF Creator (com.codeword.docscann)
Universal Saver Pro (com.virtualapps.universalsaver)
Eagle photo editor (com.techmediapro.photoediting)
Call recorder pro+ (com.chestudio.callrecorder)
Extra Cleaner (com.casualplay.leadbro)
Crypto Utils (com.utilsmycrypto.mainer)
FixCleaner (com.cleaner.fixgate)
Just In: Motion Video (com.olivia.openpuremind)
com.myunique.sequencestore
com.flowmysequto.yamer
com.qaz.universalsaver
Lucky Cleaner (com.luckyg.cleaner)
Simpli Cleaner (com.scando.qukscanner)
Unicc QR Scanner (com.qrdscannerratedx)
Fortunately, currently 17 of these applications have been removed from the Google Play Store. But users who have already downloaded it are recommended to delete it immediately.
Trend Micro also shares three ways to protect Android phones from malicious applications, which are to always check reviews and developers before downloading applications, don't download apps from suspicious websites, and don't install apps from unknown sources.