Cybercrime operation Hadoken Security has been developing the new BugDrop dropper trojan with the capability to evade the security enhancements Google has introduced in the upcoming version of the Android operating system, according to The Hacker News.
BugDrop impersonates a QR code reader app and uses a session-based process that exploits the Accessibility API to install the Xenomorph banking trojan, also created by the Hadoken Group, to facilitate on-device fraud, a ThreatFabric report found.
"What is likely happening is that actors are using an already built malware, capable of installing new APKs on an infected device, to test a session-based installation method, which would then later be incorporated in a more elaborate and refined dropper," said researchers.
Such modifications could increase the threat of banking trojans, according to researchers.
"With the completion and resolution of all the issues currently present in BugDrop, criminals will have another efficient weapon in the war against security teams and banking institutions, defeating solutions that are currently being adopted by Google, which are clearly not sufficient to deter criminals," they added.
Android security protections evaded by new BugDrop trojan