Cybersecurity researchers have identified a new dropper-as-a-service (DaaS) for Android named SecuriDropper.
According to the data collected, this malicious agent can bypass Google's security restrictions quite easily, distributing malware with remarkable ease.
Droppers are a type of malware widespread in the Android ecosystem. They create a distribution channel for other malicious agents, which makes them a very useful tool for cybercriminals of all types. Because the mechanism sharply separates the initial infection from the execution of the actual attack, droppers are also difficult to detect and block in time.
As stated in a report shared by ThreatFabric with The Hacker News, “Droppers and the actors behind them are in a constant state of evolution as they try to outwit evolving security measures.”
SecuriDropper undermines Google’s defense strategies for Android
One of the aforementioned security measures, introduced by Google with Android 13, is called Restricted Settings. It prevents applications installed outside of Google Play from obtaining accessibility permissions and permissions relating to the management of notifications, which are often abused by banking trojans.
“What sets SecuriDropper apart is the technical implementation of its installation procedure,” explained ThreatFabric. The experts then pointed out: “Unlike its predecessors, this family uses a different Android API to install the new payload, mimicking the process used by marketplaces to install new applications.”
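A defender-side check for the behaviour described above, as an added example that is not from ThreatFabric's report or the original article: it reads the output of `adb shell pm list packages -i -3` and `adb shell settings get secure enabled_accessibility_services` and flags third-party apps that hold an accessibility service but were not installed by a trusted store. The trusted-installer list, the package names and the sample output are constructed assumptions, as is the premise that a dropper-installed payload records the dropper app as its installer.

```python
# Added example: triage of device state for sideloaded apps holding accessibility.
# Inputs are the text output of two adb commands (samples below are constructed):
#   adb shell pm list packages -i -3
#   adb shell settings get secure enabled_accessibility_services
import re

# Assumption: installers this environment trusts; adjust to your fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package name -> installer of record (None if no installer recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def parse_accessibility(setting_value):
    """Return the set of packages with an enabled accessibility service."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    # The setting is a colon-separated list of package/class component names.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def suspicious_accessibility_apps(pm_output, setting_value):
    """Third-party apps holding accessibility whose installer is not trusted."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in sorted(parse_accessibility(setting_value)):
        # Packages absent from the third-party list (system apps) are skipped.
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS:
            findings.append((pkg, installers[pkg]))
    return findings

# Constructed sample data; all package names are hypothetical.
SAMPLE_PM = """\
package:com.example.browser  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.payload  installer=com.example.updater
package:com.example.reader  installer=com.android.vending
"""
SAMPLE_A11Y = "com.example.payload/.Svc:com.example.reader/com.example.reader.TalkService"

if __name__ == "__main__":
    for pkg, inst in suspicious_accessibility_apps(SAMPLE_PM, SAMPLE_A11Y):
        print(f"{pkg}: accessibility enabled, installed by {inst or 'unknown source'}")
```

A finding is a lead for review, not a verdict: legitimate apps distributed outside a store will also appear until their installer is added to the allow-list.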
ThreatFabric said it has observed Android banking trojans such as SpyNote and ERMAC using SecuriDropper as a distribution vector, taking advantage of deceptive websites and third-party platforms such as Discord.
Another dropper service that has been noticed offering a similar Restricted Settings bypass is Zombinder. It is currently unclear whether this latest malicious agent and SecuriDropper have any connection to each other.
The specialists stated: “As Android continues to raise the bar with each iteration, cybercriminals are also adapting and innovating.” Commenting more generally on the DaaS phenomenon, ThreatFabric said: “They have emerged as powerful tools, allowing malicious actors to infiltrate devices to distribute spyware and banking Trojans.”