Just days after McAfee broke news of a new strain of malware affecting millions of devices via apps downloaded from the Google Play Store, there is more worrying news for Android users.
In a new report, cybersecurity firm Trend Micro revealed the existence of 17 other apps that dropped malware onto Android devices. According to the company, the malware responsible, dubbed “DawDropper”, is “capable of stealing banking information, intercepting text messages and hijacking infected devices”.
The apps themselves are no longer on the Play Store, but it’s important that you review the full list below and remove them from your devices immediately, as they can still cause harm if left installed. Next, change the passwords for all your highly sensitive accounts, such as your bank accounts and emails. We’ve detailed some additional tips at the bottom of this article.
Delete these apps now if you still have them installed
- call recorder
- Rooster VPN
- great cleaner
- Document scanner
- Universal Saver Pro
- Eagle Photo Editor
- call recorder pro+
- Extra cleaner
- Encryption utilities
- Universal Saver Pro
- lucky cleaner
- Just now: video movement
- Document Scanner Pro
- conquer the darkness
- Simplified Cleanser
- Unicc QR scanner
What is DawDropper and how does it work?
A “dropper,” as it’s known in the cybersecurity industry, is a Trojan horse that infiltrates a device and installs other malware; this is called delivering its payload.
DawDropper has, according to Trend Micro, been identified in several variants, each dropping a different payload: Octo, Hydra, ERMAC and TeaBot. These run different executables that will affect a user’s device in different ways. Essentially though, they all want to steal your sensitive data. They do this by being bundled into seemingly innocent apps, many of which appear to offer useful services such as cleaning up your device, but the reality couldn’t be further from that. The Octo malware, claims Trend Micro, is capable of recording your screen to steal important information such as passwords and PINs, and then keeps your device awake even after the screen turns off, allowing it to upload this data to servers controlled by the attacker.
They also report that DawDropper is a DaaS or Dropper-as-a-Service model of malware, meaning someone paid the creators of the malicious code to steal data for them. It’s a safe bet that the intent behind stealing this data is to use it in a nefarious way, so you shouldn’t just hope for the best; you should immediately get to work securing your devices.
Fortunately, this malware has been detected, but it’s not a great look for the Google Play Store, especially after being called out by McAfee just a few days ago. Additionally, based on Trend Micro’s findings, the Octo payload even disables Google Play Protect, the safety net that’s supposed to prevent downloaded apps from running harmful code.
Trend Micro also noted that these apps are available on Apple’s App Store, though it doesn’t indicate whether there are similar security issues. Historically, iPhones have been considered more secure than Android devices because software cannot be installed by third parties outside of the App Store without jailbreaking a device. However, the iOS safety net relies on the assumption that no malicious apps are on the App Store, so it remains to be seen if iOS devices are also affected by these apps. The safest thing to do if you are an iPhone user is to remove these apps immediately if you have them installed.
What to do if you have one of the affected apps installed
As we mentioned earlier, you’ll want to remove affected apps and change important passwords and PINs immediately, ideally on a separate device. It is also worth installing one of the best Android antivirus apps and scanning your device for threats and removing any installed malware. If you need to change passwords on the same device where the apps are installed, run a device scan first.
To protect yourself in the future, be sure to first refer to our guide on how to protect your phone from hackers. You’ll also want to make sure Google Play Protect is enabled on your device. However, as in this case, Play Protect can be bypassed. Trend Micro has therefore provided useful tips for users on how they can stay safe when downloading new apps:
- Only install apps from trusted sources and don’t download them from websites that look suspicious.
- Check the user reviews of the app before installing it, to make sure there are no reported issues or suspicious behavior of the app.
- Check with app developers and publishers if you can, to verify their credentials before installing an app.