Application security, Malware

More payloads distributed through Android dropper apps


Illicit actors have begun utilizing dropper apps to deploy SMS stealers and spyware payloads in addition to banking trojans following Google's measures to prevent app sideloading in select countries, The Hacker News reports.

Attacks using the RewardDropMiner dropper distributed malicious apps impersonating Indian and other Asian banking or government tools that facilitated spyware and Monero cryptominer distribution without triggering Google Play Protect's defenses, according to an analysis from ThreatFabric. Similar evasion of Google Play Protect is also possible with the BrokewellDropper, HiddenCatDropper, SecuriDropper, TiramisuDropper, and Zombinder dropper variants. "By encapsulating even basic payloads inside a dropper, they gain a protective shell that can evade today's checks while staying flexible enough to swap payloads and pivot campaigns tomorrow," said ThreatFabric researchers. The findings follow a Bitdefender Labs report detailing the deployment of an updated Brokewell banking trojan through a purportedly freemium version of the TradingView app promoted in nefarious Facebook ads.
