Just days after McAfee revealed news of a new strain of malware affecting millions of devices through apps downloaded from the Google Play Store, there is more worrying news for Android users.
In a new report, cybersecurity firm Trend Micro has brought to light the existence of 17 more apps that have been dropping malware on Android devices. According to the company, the malware responsible, dubbed ‘DawDropper’, is “capable of stealing banking information, intercepting text messages, and hijacking infected devices.”
The apps themselves are no longer on the Play Store, but it’s important that you take a look at the full list below and remove them from your devices immediately, as they can still cause harm if left installed. Next, change the passwords for all of your highly sensitive accounts, like your bank accounts and email. We have detailed some more tips at the end of this article.
Remove these apps now if you still have them installed
- call recorder
- Cock VPN
- super cleaner
- document scanner
- Universal Savings Pro
- eagle photo editor
- call recorder pro+
- additional cleaner
- cryptographic utilities
- FixCleaner
- Universal Savings Pro
- lucky cleaner
- Right In: Motion Video
- Document Scanner Pro
- conquer the dark
- simple cleaner
- Unicc QR Scanner
What is DawDropper and how does it work?
A ‘dropper’, as it is known in the cybersecurity industry, is a Trojan that infiltrates a device and installs another piece of malware; this is called delivering its payload.
DawDropper, according to Trend Micro, has been identified in several variants, each of which drops a different payload: Octo, Hydra, ERMAC, and TeaBot. These run different executables that will affect a user’s device in different ways, but essentially all of them aim to steal your sensitive data. To do so, they’re bundled into seemingly innocent apps, many of which offer seemingly useful services, like cleaning your device, but the reality couldn’t be further from that. Octo malware, Trend Micro continues to explain, can record your screen to steal important information, such as passwords and PINs, and keeps your device awake even with the screen turned off, allowing it to upload this data to servers controlled by the attacker.
They also report that DawDropper is a DaaS or Dropper-as-a-Service malware model, which means someone has paid the creators of the malicious code to steal data for them. So, it’s a safe bet that the intent of stealing this data really is to use it in nefarious ways. Don’t just hope for the best; get to work protecting your devices right away.
Fortunately, this malware has been detected, but it’s not a great look for the Google Play Store, especially after being called out by McAfee just a few days ago. Furthermore, according to Trend Micro’s findings, the Octo payload even disables Google Play Protect, the safety net that is supposed to prevent downloaded apps from executing harmful code.
Trend Micro also noted that these apps were available in Apple’s App Store as well, though it doesn’t indicate whether there are any similar security issues there. Historically, iPhones have been considered more secure than Android devices, as third-party software cannot be installed outside of the App Store without jailbreaking the device. However, the iOS safety net is based on the assumption that there are no malicious apps in the App Store, so it remains to be seen whether iOS devices are also affected by these apps. The safest thing to do if you are an iPhone user is to remove these apps immediately if you have them installed.
What to do if you have installed one of the affected applications
As we mentioned earlier, you’ll want to remove affected apps and change important passwords and PINs right away, ideally on a separate device. It is also worth installing one of the best Android antivirus apps, scanning your device for threats, and removing any installed malware. If you need to change passwords on the same device where you had the apps installed, run a device scan first.
To keep yourself safe in the future, first be sure to check out our guide on how to keep your phone safe from hackers. You’ll also want to make sure Google Play Protect is enabled on your device. However, as in this case, Play Protect can be bypassed. Accordingly, Trend Micro has provided some helpful tips for users on how they can stay safe when downloading new apps:
- Only install apps from trusted sources and don’t download them from suspicious-looking websites.
- Check user reviews of the app before installing it, to make sure no concerns or suspicious behavior have been reported.
- Check with app developers and publishers, if you can, to verify their credentials before installing an app.