Mobile Security Malware

All articles tagged with #mobile security malware

Beware: Android Dropper-as-a-Service Evades Google's Defenses
mobile-security-malware · 2 years ago

SecuriDropper, a new dropper-as-a-service (DaaS) for Android, has been discovered by cybersecurity researchers. The malware bypasses Google's new security restrictions and delivers its payload. SecuriDropper disguises itself as a harmless app and uses a different Android API to install the payload, mimicking the installation flow used by app marketplaces. It bypasses Google's Restricted Settings by requesting permissions to read and write data on external storage, as well as to install and delete packages. Android banking trojans such as SpyNote and ERMAC have been distributed via SecuriDropper on deceptive websites and third-party platforms. Another similar dropper service, Zombinder, has also been observed offering a Restricted Settings bypass.

Android Malware Apps Evade Detection with Stealthy APK Compression
mobile-security-malware · 2 years ago

Threat actors are using Android Package (APK) files with unsupported compression methods to evade malware analysis. Over 3,300 artifacts have been found using this technique, 71 of which could be loaded onto the operating system without issues. These apps were likely distributed through untrusted app stores or social engineering. The use of unsupported compression methods hinders decompilation and analysis, making the malware difficult to detect and examine. Additionally, malware authors are deliberately corrupting APK files to trigger crashes in analysis tools. This discovery follows Google's recent revelation that threat actors are using versioning to bypass malware detection on the Play Store.

Anatsa Android Trojan Drains Bank Accounts in US, UK, and Germany
mobile-security-malware · 2 years ago

The Anatsa banking trojan is targeting banking customers in the US, UK, Germany, Austria, and Switzerland through dropper apps on the Google Play Store. The trojan steals the credentials used to authenticate customers in mobile banking applications and performs Device-Takeover Fraud (DTO) to initiate fraudulent transactions. Anatsa has backdoor-like capabilities to steal data and can bypass existing fraud control mechanisms to carry out unauthorized fund transfers. The dropper apps abuse the restricted "REQUEST_INSTALL_PACKAGES" permission to install additional malware on the infected device. ThreatFabric warns that the recent Google Play Store distribution campaigns demonstrate the immense potential for mobile fraud and the need for proactive measures to counter such threats.