Malware News Cybercrime service bypasses Android security to install malware

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,093
Content source
https://www.bleepingcomputer.com/news/security/cybercrime-service-bypasses-android-security-to-install-malware/
A new dropper-as-a-service (DaaS) cybercrime operation named 'SecuriDropper' has emerged, using a method that bypasses the 'Restricted Settings' feature in Android to install malware on devices and obtain access to Accessibility Services.

Restricted Settings is a security feature introduced with Android 13 that prevents side-loaded applications (APK files) installed from outside Google Play to access powerful features like the Accessibility settings and Notification Listener. The two permissions are commonly abused by malware, so the feature was intended to protect users by blocking the approval of requests by displaying a warning when these permissions are requested.
Click to expand...
SecuriDropper infects Android devices posing as a legitimate app, most often impersonating a Google app, Android update, video player, security app, or a game, and then installing a second payload, which is some form of malware.

The dropper achieves this by securing access to the "Read & Write External Storage" and "Install & Delete Packages" permissions upon installation.

The second-stage payload is installed through user deception and interface manipulation, prompting users to click a "Reinstall" button after displaying bogus error messages about the dropper app's installation.

Payload dropping process
Payload dropping process (ThreatFabric)
Click to expand...
 
  • Like
  • +Reputation
  • Thanks
Reactions: [correlate], CyberTech, ZeroDay and 4 others

Similar threads

Gandalf_The_Grey
    • Wow
    • Like
    • +Reputation
Malware News Infostealer malware bypasses Chrome’s new cookie-theft defenses
Replies
0
Views
1,825
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Wow
Malware News Updated FakeCall Malware Targets Mobile Devices with Vishing
Replies
1
Views
882
Security News
lokamoka820
lokamoka820
Gandalf_The_Grey
    • +Reputation
Malware News New Octo Android malware version impersonates NordVPN, Google Chrome
Replies
0
Views
1,596
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top