Cybercriminals Developing BugDrop Dropper to Bypass Android Security Features


In a sign that malicious actors continue to find ways to work around Google Play Store security protections, researchers have spotted a previously undocumented Android dropper trojan that's currently in development.

Dubbed BugDrop by Dutch security firm ThreatFabric, the dropper app is explicitly designed to defeat new features introduced in the upcoming version of Android that aim to make it difficult for malware to request Accessibility Services privileges from victims.

ThreatFabric attributed the dropper to a cybercriminal group known as "Hadoken Security," which is also behind the creation and distribution of the Xenomorph and Gymdrop Android malware families.

Banking trojans are typically deployed on Android devices through innocuous dropper apps that pose as productivity and utility apps, which, once installed, trick users into granting invasive permissions.

Given that most of these malicious apps are sideloaded — something that's only possible if the user has allowed installation from unknown sources — Google, with Android 13, has taken the step of entirely blocking accessibility API access to apps installed from outside of an app store.

Enter BugDrop, which masquerades as a QR code reader app and is being tested by its authors to deploy malicious payloads via a session-based installation process.

The changes, should they become a reality, could make banking trojans a more dangerous threat capable of bypassing security defenses even before they are in place.

Users are advised to avoid falling victim to malware hidden in official app stores by only downloading applications from known developers and publishers, scrutinizing app reviews, and checking their privacy policies.


Disclaimer: Opinions/viewpoints expressed in this blog are entirely personal to the author. Ronnie Rodrigues (CyberNX Technologies Pvt Ltd) has nothing to do with these contents and they are not liable for anything whatsoever
