Google Play Droppers Deliver Malware to Over 300K Victims

Updated: Dec 6, 2021

Over the last 4 months, 300,000+ Android devices have fallen victim to four dangerous banking trojans. By bypassing the Google Play app store’s detection method, the dropper apps that deliver them threaten to expose thousands of users’ credentials. Once downloaded, these dropper apps connect to the threat actors’ servers and deliver the banking trojan through a false “update” that launches the malware on the device.


Sam Bakken from OneSpan, a provider of digital identity and anti-fraud solutions, shared his insights on the discovery.

"Here's additional evidence that mobile banking apps are a juicy target for attackers and it's worth attackers' time to innovate here with more and more sophisticated threats. Because these apps lie in wait, essentially benign until time to strike, a simple anti-virus type scan will not catch them until they've already done damage. Mobile app shielding, on the other hand, recognizes potentially malicious behavior and interference with the app during runtime, such as hooking, screen reading, overlay attacks, and more. This means that app shielding can shut these attacks down before money can be stolen, whether the malware is detected and/or known, or not."

