The new SecuriDropper dropper-as-a-service operation facilitates malware distribution on Android devices by evading Android 13's "Restricted Settings" feature to gain access to "Accessibility Services," BleepingComputer reports.
SecuriDropper poses as Google apps, Android updates, video players, security apps, email clients, and games. Once installed, the dropper secures access to the "Read & Write External Storage" and "Install & Delete Packages" permissions, which enable second-stage payload deployment, according to a ThreatFabric report.
Aside from spreading the SpyNote malware through a fake Google Translate app, SecuriDropper was also observed spreading Ermac trojans through a phony Google Chrome app. The reemergent Zombinder DaaS operation similarly evaded Android's Restricted Settings to compromise Accessibility settings, said researchers, who urged users of Android devices to avoid downloading APK files from untrusted sources. Meanwhile, Google noted that its Restricted Settings and Google Play Protect mechanisms work to prevent compromise.
"We are constantly reviewing attack methods and improving Android's defenses against malware to help keep users safe," said a Google spokesperson.