This crafty malware dropper sneaks past the toughest Google Android security defenses
SecuriDropper dropper-as-a-service bypasses Google’s Android security protection
Hackers have found a way to bypass Android’s “Restricted Settings” and install malware on a victim’s device.
Restricted Settings is a security feature first introduced in Android 13 that prevents apps downloaded from non-vetted sources (i.e. places other than the Google Play Store, or sideloaded apps) from accessing key Android settings, such as Accessibility or Notification Listener.
Apps that are granted Accessibility features can perform additional actions on the device such as installing other apps, grabbing text and other data, recording audio and video, and more. Almost all malicious apps require Accessibility options to be enabled, which makes a request for them one of the best red flags possible. Notification Listener does exactly what its name suggests, and hackers can use it to steal multi-factor authentication codes, especially those coming in via SMS.
SecuriDropper
A report from cybersecurity researchers ThreatFabric found the new malware is a dropper-as-a-service called SecuriDropper. Victims usually think they’re downloading software updates, video apps, games, or similar. The first thing the app does is ask for Read & Write External Storage permissions, as well as Install & Delete Packages, which grants it the ability to download and install additional apps.
Then, it says the app wasn’t installed properly (or requires an update) and displays a Reinstall button which downloads the second-stage payload.
While these payloads may vary, depending on the endpoint targeted, the researchers observed the SpyNote malware being dropped via SecuriDropper, as well as the Ermac banking trojan.
SpyNote can log keystrokes, exfiltrate call logs, pull data from installed apps, and more. Uninstalling it is also quite a task.
The best way to stay safe is to use common sense - only download apps from trusted sources and make sure they have plenty of downloads and solid reviews. Also, pay close attention to the permissions the apps ask for upon installation - if they’re excessive, it’s most likely malware.
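For defenders who want to check a device rather than rely on install-time prompts, the following is an added example (not from the ThreatFabric report or the original article) that flags apps holding Accessibility or Notification Listener access whose installer of record is not a trusted store. The sample captures, package names and the trusted-installer list are constructed assumptions.

```python
"""Flag apps with Accessibility or Notification Listener access that were
not installed by a trusted store. Inputs are text captured beforehand with:
  adb shell settings get secure enabled_accessibility_services
  adb shell settings get secure enabled_notification_listeners
  adb shell pm list packages -i
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend per policy (assumption)

# Constructed sample captures (not taken from a real device).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.videoplayer/com.example.videoplayer.Svc")
SAMPLE_LISTENERS = "com.example.videoplayer/com.example.videoplayer.Listener"
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.videoplayer  installer=com.example.updater
package:com.example.notes  installer=null
"""

def parse_components(setting_value):
    """Return package names from a colon-separated 'pkg/class' settings value."""
    value = setting_value.strip()
    if not value or value == "null":  # 'null' means the setting is unset
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def parse_installers(pm_output):
    """Map package -> installer from 'package:<pkg>  installer=<name>' lines."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        fields = line[len("package:"):].split() if line.startswith("package:") else []
        if not fields:
            continue
        installer = next((f.split("=", 1)[1] for f in fields[1:]
                          if f.startswith("installer=")), "null")
        installers[fields[0]] = installer
    return installers

def audit(accessibility, listeners, pm_output):
    """Return sorted (package, installer, grants) for non-store apps with sensitive access."""
    installers = parse_installers(pm_output)
    grants = {}
    for label, value in (("accessibility", accessibility),
                         ("notification_listener", listeners)):
        for pkg in parse_components(value):
            grants.setdefault(pkg, []).append(label)
    return sorted((pkg, installers.get(pkg, "unknown"), tuple(g))
                  for pkg, g in grants.items()
                  if installers.get(pkg, "unknown") not in TRUSTED_INSTALLERS)

if __name__ == "__main__":
    for finding in audit(SAMPLE_A11Y, SAMPLE_LISTENERS, SAMPLE_PM):
        print(finding)
```

Preinstalled system apps can report `installer=null`, so on a real device known system packages need to be added to an allowlist before treating every hit as suspicious.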
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.