DawDropper Mobile Malware Delivers Banking Trojans
DawDropper is a newly discovered mobile malware threat that targets Android devices. The malware, as the name suggests, functions as a dropper.
Droppers are an intermediary type of malicious tool. They sometimes do not constitute a malicious payload on their own but are instead used to deliver, download and "drop" the final payload used in the infection, the one that will cause real harm in most cases. In the case of single-stage droppers, the final payload will be contained inside the same tool.
DawDropper is a Trojan dropper that is used to deliver and drop banking Trojans that work on Android devices. This type of malware would use one of several tricks to steal victims' banking data. Android banking Trojans commonly rely on invisible overlays to capture user inputs in banking login pages and apps.
DawDropper was distributed through malicious apps that spent some time on the Google Play Store before they were taken down. The malicious apps were mostly posing as device cleaners and optimization utilities for Android.
The malicious apps were used to drop banking Trojans including Octo, Ermac, Hydra, and TeaBot.