Subj : This crafty malware dropper sneaks past the toughest Google Andro To : All From : TechnologyDaily Date : Tue Nov 07 2023 17:15:05 This crafty malware dropper sneaks past the toughest Google Android security defenses Date: Tue, 07 Nov 2023 17:01:15 +0000 Description: SecuriDropper is a dropper-as-a-service that works around some of Android's toughest defenses. FULL STORY ====================================================================== Hackers have found a way to bypass Androids Restricted Settings and install malware on a victim's devices. Restricted Settings is a security feature first introduced in Android 13 that prevents apps downloaded from non-vetted sources (i.e. places other than the Google Play Store, or sideloaded apps) from accessing key Android settings, such as Accessibility, or Notification Listener. Apps that are granted Accessibility features can perform additional actions on the device such as installing other apps, grabbing text and other data, recording audio and video, and more. Almost all malicious apps require Accessibility options to be enabled, which is one of the best red flags possible. Notification Listener does exactly what it sounds like its doing, and hackers can use it to steal multi-factor authentication codes, especially those coming in via SMS. SecuriDropper A report from cybersecurity researchers ThreatFabric found the new malware is a dropper-as-a-service called SecuriDropper. Victims usually think theyre downloading software updates, video apps, games, or similar. The first thing the app does is ask for Read & Write External Storage permissions, as well as Install & Delete Packages, which grants it the ability to download and install additional apps. Then, it says the app wasnt installed properly (or requires an update) and displays a Reinstall button which downloads the second-stage payload. While these payloads may vary, depending on the endpoint targeted, the researchers observed the SpyNote malware being dropped via SecuriDropper, as well as the Ermac banking trojan. SpyNote can log keystrokes, exfiltrate call logs, pull data from installed apps, and more. Uninstalling it is also quite a task. The best way to stay safe is to use common sense - only download apps from trusted sources and make sure they have plenty of downloads and solid reviews. Also, pay close attention to the permissions the apps ask upon installation - if theyre excessive, its most likely malware. Via BleepingComputer More from TechRadar Pro This dangerous Android malware could steal passwords and other data just by using images Here's a list of the best firewalls today These are the best identity theft protection tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/this-crafty-malware-dropper-sneaks-past -the-toughest-google-android-security-defenses --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .