Your banking credentials aren’t safe, according to Trend Micro (opens in new tab) research, especially if you have one of the malware-infested apps they’ve discovered in their cybersecurity report. These Google Play Store apps appear to be innocuous, but they are injected with banking trojans and behind users’ backs, they’re collecting sensitive information, including banking details, passwords, emails, texts, and more.
The Trend Micro investigators dubbed this malware campaign “DawDropper.” Fortunately, the trojan-packed apps have been removed from the Google Play Store, but that doesn’t automatically remove them from users’ phones. Check out the following 17 blacklisted apps and make sure they’re not on your device.
Interestingly, many of the infected apps were masquerading as “cleaners,” photo and video editors, QR code and document scanners, VPNs and call recorders. The apps in the DawDropper campaign were caught installing four types of banking trojan variants, including Octo, Hydra, Ermac and TeaBot.
To illuminate DawDropper’s spine-tingling capabilities, Trend Micro delved into how the banking trojan Octo operates. Once it’s successfully installed on a victim’s phone and nabs primary permissions, Octo keeps the device awake and registers a scheduled service to upload sensitive info to the cybercriminal’s server.
“It also uses virtual network computing (VNC) to record a user’s screen, including sensitive information such as banking credentials, email addresses and passwords, and PINs,” the researchers said. To make matters worse, Octo causes the victim’s device to turn black by switching off its backlight. It also mutes the phone to hide malicious behavior. Yikes!
How can you protect yourself from future DawDropper malware campaigns? Trend Micro advises Android users to check app reviews before downloading; users typically voice concerns and complaints about malware-infested apps. Be sure to look into the app developers and publishers; avoid installing apps from unfamiliar sources.