Android malware is getting sophisticated with droppers to evade security measures by Google

Google needs to do something to fix this because it knows the reasons for, the workings of, the behavior of, and other details about dropper apps.

  • Published: July 23, 2018 12:49 PM IST

Malware, worms, and viruses have long been a menace for internet-connected users on desktops and laptops. However, as a major chunk of users has started moving to the mobile ecosystem, hackers and cybercriminals are adapting to the shifting landscape, primarily by adapting their attacks to mobile devices. Malware, worms, and even viruses are the first stage of an attack, where hackers rely on the carelessness of users to infect their devices. The amount of malware discovered in apps on the Google Play Store in the recent past has gradually increased over the years.

Discovering malware-ridden apps on the Google Play Store means that malware and worms are able to evade the security protections set up by Google, which hints at how advanced cybercriminals are getting over time. According to a report by BleepingComputer, most hackers are using a technique that relies on “droppers” to infect mobile users. This is a dual- or multi-stage attack in which the first stage of the malware is simple, with limited capabilities. The purpose of this first stage is to spread and establish a foothold on the smartphone so that it can download a more serious worm or virus later.


The report pointed out that this technique was previously used to attack desktops, though it is not as effective there because antivirus software detects the threats, including the second-stage payload with more complex viruses or worms, in real time. However, the effect is maximized on Android, where there is no real-time antivirus scanning app or built-in software. The only security measure is the scan that Google performs before approving an app on the Google Play Store. The report goes on to add that more and more apps are slipping past Google because the dropper and the actual malware have been split into two different parts.

Droppers are limited in nature and capability and request far fewer permissions, so they do not fit the conventional profile of malicious apps. Additional tricks, such as delaying the dropper's activation, have also helped malicious apps slip by. Most of the apps work as intended; however, once the dropper activates, it asks for more permissions in order to download more serious malware, viruses, or worms. The issue has mostly been seen in attacks on banking apps with the help of a trojan. Recent examples include Exobot, LokiBot, and BankBot.

The report also states that experts believe some cybercriminals seem to be using droppers as a “downloader-as-a-service”, where the dropper likely serves as an installer for whatever apps one would want installed on a device. Experts believe that Google needs to do something to fix this because it knows the reasons for, the workings of, the behavior of, and other details about dropper apps.
