Your banking credentials aren’t secure, according to Trend Micro research, especially if you have one of the malware-infested apps they discovered in their cybersecurity report. These Google Play Store apps appear to be innocuous, but they are injected with banking Trojans and, behind the users’ backs, collect sensitive information, including bank details, passwords, emails, text messages and more.
Trend Micro researchers named this malware campaign “DawDropper.” Fortunately, the Trojan-ridden apps have been removed from the Google Play Store, but that doesn’t automatically remove them from users’ phones. Check out the following 17 blacklisted apps and make sure they are not on your device.
Interestingly, many of the infected apps were posing as “cleaners”, photo and video editors, QR code and document scanners, VPNs and call recorders. DawDropper campaign apps were detected installing four banking Trojan variants: Octo, Hydra, Ermac, and TeaBot.
To illuminate DawDropper’s chilling capabilities, Trend Micro took a deep dive into how the Octo banking Trojan operates. Once it is successfully installed on the victim’s phone and gains its main permissions, Octo keeps the device awake and registers a service programmed to upload sensitive information to the cybercriminal’s server.
“It also uses virtual network computing (VNC) to record a user’s screen, including sensitive information such as banking credentials, email addresses and passwords, and PINs,” the researchers said. To make matters worse, Octo blacks out the victim’s screen by turning off the backlight. It also silences the phone to hide its malicious behavior. Oh!
How can you protect yourself from future DawDropper malware campaigns? Trend Micro advises Android users to check app reviews before downloading; users often voice their concerns and complaints about malware-infested apps. Be sure to check out app developers and publishers, and avoid installing apps from unknown sources.