The “pathogens” of our electronic devices are no longer even counted. Malware, ransomware and trojans of all kinds infect cell phones and computers every day, revealing on every occasion a greater “resistance” to “antidotes”, just as bacteria and viruses do in the human organism.
The latest threat once again runs on the Play Store and involves a recently developed malware. Or rather, the “dropper” of a malware, called Daw Dropper. Trend Micro, the global leader in cyber security, found it within as many as 14 apps downloaded by thousands of users, who now risk having their online banking accounts hit.
What is a dropper
A dropper is technically a program developed to install malware or a virus, or to break into a computer system. There are two main types:
- single phase: the malware code is contained inside the dropper, in such a way as to avoid detection by antivirus;
- double phase: the dropper, once active, downloads the malware to the target system.
There is also a fairly widespread subgroup of droppers, called injectors, which install malware in memory only. Many droppers do not require user interaction, but use an exploit, that is, code that takes advantage of a vulnerability in the system. Others require user interaction, convincing the victim that the dropper is a safe and necessary program.
What is Daw Dropper and how dangerous it is
Daw Dropper is able to infect smartphones with 4 different types of virus: Octo, Hydra, Ermac and TeaBot. These are dangerous banking malware, i.e. viruses that aim to steal the access credentials for the apps used to check bank accounts. Just as Covid has developed several variants in order not to be recognized by the immune system, this type of dropper has also diversified so as not to be detected by Google’s antivirus. To the point that one of the infected apps had been available on the Play Store since May 2021 without anyone (or almost anyone) noticing.
Daw Dropper can technically be defined as a remote access trojan (RAT), with which the developer can gain remote access to anyone’s Android device. A RAT is one of the most dangerous kinds of malware: it allows an attacker to gain not only access to the device but also full control over it.
After stealing the credentials (including PINs and secret codes), these viruses send them to their own control servers, through which the attackers will be able to access the private bank accounts, with the intent of emptying them. As Trend Micro explains, Daw Dropper is able to spy on any activity performed on the smartphone, check SMS messages (through which the banks send the OTP code to authorize wire transfers), run other code and scripts in the background, and launch other potentially dangerous apps.
The 14 infected apps not to download or delete right away
The 14 infected applications discovered by Trend Micro were promptly removed from the Play Store. However, many had already registered lots of downloads. For this reason, it is advisable to check whether you have one of these apps on your smartphone and, if so, delete it immediately from the memory:
- Call Recorder APK
- Rooster VPN
- Super Cleaner – hyper & smart
- Document Scanner – PDF Creator
- Universal Saver Pro
- Eagle photo editor
- Call recorder pro +
- Extra Cleaner
- Crypto Utils
- Just In: Video Motion
- Lucky Cleaner
- Simpli Cleaner
- Unicc QR Scanner
The infected application Call Recorder had been present on the Play Store since May 2021, while Unicc QR Scanner was previously loaded and then removed as a container for the Octo virus. After deleting the app or apps in the list, you need to download and activate an antivirus for Android. In addition, of course, check the movements on your online account for any anomalies and report them immediately to the bank.
How to avoid getting infected
One of Daw Dropper’s main means of accessing the mobile phone is the link from which to download one of the 14 apps, which usually arrives via SMS. As long as you do not click on the link and the content is not installed, there are no risks: the Trojan cannot take full control of the device.
To avoid falling into the traps, some precautions can be observed. The first is to block installations (automatic or not) of apps from third-party sources, by selecting this option in the “Settings” menu of your mobile phone. This “barrier” will in no way prevent you from continuing to voluntarily initiate downloads of games, movies, music, books, apps and files of all kinds.
The second step concerns the download and installation of the antivirus (only one is enough; having several does not increase security).
The third and final step is the verification of the permissions of the existing software, the image of which must be accompanied by a red triangle and the words “No command”.
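The first precaution above (no installs from third-party sources) can be checked after the fact by looking at which installer each user app came from. The following is an added example, not part of the original article or of Trend Micro's report: it parses the output of `adb shell pm list packages -3 -i` and flags apps not installed by the Play Store, including apps installed by another user app, which is what a double-phase dropper's downloaded payload would look like. The package names and the trusted-installer set are constructed assumptions.

```python
import re

# Installers treated as trusted stores in this example (assumption; adjust as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# One line of `pm list packages -i`: "package:<name>  installer=<name|null>"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)\s*$")

# Constructed sample of `adb shell pm list packages -3 -i` output (user apps only).
SAMPLE = """\
package:com.example.notes  installer=com.android.vending
package:com.example.cleaner  installer=com.android.vending
package:com.example.update  installer=com.example.cleaner
package:com.example.sideloaded  installer=null
package:com.example.browserdl  installer=com.google.android.packageinstaller
"""

def audit(listing, trusted=TRUSTED_INSTALLERS):
    """Return (package, installer, reason) for every app not from a trusted store."""
    installed = {}
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            installed[m["pkg"]] = m["inst"]
    findings = []
    for pkg, inst in sorted(installed.items()):
        if inst in trusted:
            continue
        if inst in installed:
            # The installer is itself a user app: review both the app and its parent.
            reason = "installed by another user app (possible dropper payload)"
        elif inst == "null":
            reason = "no installer recorded (adb or legacy sideload)"
        else:
            reason = "installed outside the trusted store"
        findings.append((pkg, inst, reason))
    return findings

if __name__ == "__main__":
    for pkg, inst, reason in audit(SAMPLE):
        print(f"{pkg:28} {inst:40} {reason}")
```

An app that was itself downloaded from the Play Store, like the dropper apps listed above, still shows the Play Store as its installer, so this check complements the name list rather than replacing it.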
Italy first in Europe for the number of cyber threats
Cyber threats – to the detriment not only of ordinary users, but also of companies and institutions – see Italy first in the sad ranking of the most affected European countries. According to Trend Micro and the Cyber Observatory of Crif, which deals with credit information systems, in the first half of 2022 our country registered more than 780 thousand alarms relating to data present on the dark web, an increase of 44.1% compared to the previous half year.
Italians are mainly threatened by so-called ransomware, which takes systems and devices hostage and then frees them in exchange for a ransom. The list of victims is varied: individuals, companies and even hospitals involved in the Covid emergency. According to the Observatory, the personal data of Italian users circulating on the dark web are: email credentials, telephone number and email domain. The latest report from cybersecurity firm Trend Micro also reported a real boom of the virus, which was identified to the extent of 3.56% of the total number of ransomware intercepted in the world (8,032,336).
In addition to being first in Europe, Italy is also 14th in the global ranking of countries most subject to the exchange of credit card data. In second place is the United States, followed by Russia, the United Kingdom, Brazil and Canada. Furthermore, the interesting aspect is that the complete postal address of the hacked victims was found in 70% of the cases in combination with a telephone number, thus allowing the IT expert to complete the victim’s profile and geolocate them.