Your banking credentials aren’t secure, according to Trend Micro research, especially if you have installed one of the malware-infested apps the company describes in its cybersecurity report. These Google Play Store apps seem harmless, but they are injected with banking trojans and, behind users’ backs, collect sensitive information, including banking details, passwords, emails, texts, and more.
Trend Micro investigators dubbed this malware campaign “DawDropper”. Fortunately, the apps packed with Trojans have been removed from the Google Play Store, but this does not automatically remove them from users’ phones. Check the 17 blacklisted apps and make sure none of them is on your device.
Interestingly, many of the infected apps were disguised as “cleaners,” photo and video editors, QR code and document scanners, VPNs and call recorders. The apps in the DawDropper campaign were found to install four variants of banking Trojans, including Octo, Hydra, Ermac and TeaBot.
To shed light on DawDropper’s spine-tingling capabilities, Trend Micro researched how the Octo banking trojan works. Once it is successfully installed on the victim’s phone and has obtained the basic permissions, Octo keeps the device awake and registers a scheduled service to upload sensitive information to the cybercriminal’s server.
“It also uses Virtual Network Computing (VNC) to record a user’s screen, including sensitive information such as bank credentials, email addresses, passwords and personal identification numbers,” the researchers said. To make matters worse, Octo makes the victim’s screen go black by turning off the backlight. It also mutes the phone to hide its malicious behavior. Yikes!
How can you protect yourself from future DawDropper malware campaigns? Trend Micro advises Android users to check app reviews before downloading; users usually express their concerns and complaints about malware-infested applications there. Be sure to look at an app’s developers and publishers, and avoid installing applications from unfamiliar sources.