We have recently identified 14 malicious android apps that contain the banking malware, “DawDropper”, which aims to steal your data from the banking apps on your phone. The stolen data includes PIN codes, banking credentials, passwords etc. This malware can intercept communicated text and gain complete control of the affected device. In short, the threat actor behind it can steal money from your bank account.
What is DawDropper?
DawDropper is spread via malicious apps designed by malware authors that can bypass Google Play Store’s security checks by using a third-party cloud service. Following that, it drops banking trojans on compromised devices.
It most commonly poses as productivity and utility apps such as call recorders, document/QR code scanners, and VPN services — the majority of these suspicious apps have already been removed from the Play Store, though others are always appearing.
The following are the malicious apps found on Google Play Store that deploy the dropper malware:
- Call Recorder APK
- Rooster VPN
- Super Cleaner – hyper & smart
- Document Scanner – PDF Creator
- Universal Saver Pro
- Eagle photo editor
- Call recorder pro+
- Extra Cleaner
- Crypto Utils
- Just In: Video Motion
- Lucky Cleaner
- Simpli Cleaner
- Unicc QR Scanner
Among them is the Unicc QR Scanner, which was previously classified as a malicious app because it distributed the Coper banking trojan. Additionally, it can also deploy another banking trojan such as Octo malware, which has the capability to record and control the compromised device, steal credentials and use your device for fraudulent activities.
What Happens if Your Device Is Infected with DawDropper?
This malware can do the following:
- Monitor and track the activities of the user on their phone.
- Steal credentials (includes PIN codes, banking credentials, passwords of your banking apps).
- Gain complete access to user’s SMS services, contact numbers, and phone calls.
- Run scripts in the background to steal username and password of financial apps.
- Modify device browser settings, wallpapers, and lock screen.
- Perform abnormalities on devices, such as launching third-party apps or forcing a sudden restart without your consent.
How can Trend Micro Protect you?
Trend Micro Mobile Security offers complete protection against Octo and other malware hidden in apps. Its real-time Security Scan feature provides the most comprehensive anti-malware capabilities available. It also offers a Pre-Installation Scan feature that prevents malicious apps and malware on Google Play before you can install them. Make sure that your phone system and applications are up to date to prevent malicious attacks.
You can install Trend Micro Security for Android by following the instructions here.