According to The Hacker News, Android dropper malware is designed to act as a conduit for installing malicious code on devices, making it a lucrative business model for attackers, who also advertise this capability to other criminal groups.
Restricted Settings is a security feature introduced in Android 13 that prevents apps installed from outside the Google Play Store from obtaining the Accessibility and Notification Listener permissions. If such an app requests these permissions, Restricted Settings immediately warns the user and prevents the permissions from being granted to the app.
According to Mr. Vu Ngoc Son, Technical Director of Vietnam National Cyber Security Technology Company NCS, Accessibility is the permission that has been used in the past by a series of malware impersonating applications of state agencies to control phones and steal money from users in Vietnam, including cases where victims lost more than 2 billion VND in just a few minutes. Such malware can only penetrate phones running Android 12 or lower, while on Android 13 or 14 phones it will be detected and blocked by Restricted Settings.
However, the new technique used by the hackers in SecuriDropper is to break the installation process into several steps. First, the victim is tricked into installing a fake app, which has no special permissions, on their device. Next, that app calls Android APIs to fake a Google Play installation session, allowing it to install malware on the phone and bypass Restricted Settings.
SecuriDropper's Penetration Method Has Bypassed Android 14 Security Barriers
The malware can now request Accessibility and Notification Listener permissions without being detected and blocked by the operating system. Even users who have upgraded to the latest Android 14 can still be attacked by malware using this method.
ThreatFabric, a cybersecurity company from the Netherlands, said it has observed banking trojans like SpyNote and ERMAC being distributed via SecuriDropper on phishing websites and third-party platforms like Discord.
Responding to The Hacker News, Google said Restricted Settings will add an additional layer of protection beyond user consent, which is required for apps to access Android settings/permissions. Users are also protected by Google Play Protect, which can warn or block apps that are behaving dangerously on Android devices using Google Play Services. Google is constantly reviewing attack vectors and improving Android's defenses against malware to help keep users safe.
To stay safe from attacks, Mr. Vu Ngoc Son advises Android users to avoid downloading APK files from untrusted sources.