Learn how to avoid getting infected by the latest malware campaign, DawDropper, targeting Android devices.

What is DawDropper?

We have recently identified 14 malicious Android apps that contain DawDropper, a banking malware that steals data from your mobile banking apps. The stolen data includes PIN codes, banking credentials, passwords, etc. This malware can intercept text communication and gain control over the affected device. In short, the attacker can steal money from your bank accounts.

Malware authors spread DawDropper via malicious apps that can bypass Google Play Store’s security checks using a third-party cloud service. Following that, it drops banking trojans on compromised devices.

DawDropper commonly poses as productivity or utility apps such as call recorders, document/QR code scanners, and VPN services. Here are some of those malicious apps found on the Google Play Store:

  • Call Recorder APK
  • Rooster VPN
  • Super Cleaner – hyper & smart
  • Document Scanner – PDF Creator
  • Universal Saver Pro
  • Eagle photo editor
  • Call recorder pro+
  • Extra Cleaner
  • Crypto Utils
  • FixCleaner
  • Just In: Video Motion
  • Lucky Cleaner
  • Simpli Cleaner
  • Unicc QR Scanner

Among them is the Unicc QR Scanner, which was previously classified as a malicious app because it distributed the Coper banking trojan. It can also deploy Octo malware that can record and control the compromised device, steal credentials, and use your device for fraudulent activities.

What happens if your device is infected with DawDropper?

DawDropper can do the following:

  • Monitor and track the activities of the user on their phone.
  • Steal credentials, including PIN codes, banking credentials, and app passwords.
  • Gain complete access to SMS services, contact numbers, and phone calls.
  • Run scripts in the background to steal the username and password of financial apps.
  • Modify device browser settings, wallpapers, and lock screen.
  • Perform abnormal activities, such as launching third-party apps or forcing a sudden restart without your consent.

How can Trend Micro protect you?

Trend Micro can detect and protect you from DawDropper malware, but we recommend following these best practices to avoid further infections:

  • Always read app reviews. Avoid apps with bad reviews from other users.
  • Check app details, including the developer, to ensure the app's reliability before you allow installation, especially from unknown sources.
  • Enable Trend Micro Mobile Security Web Guard to block dubious websites before they install harmful apps.
  • Update Trend Micro Mobile Security regularly and allow all needed permissions.