SecuriDropper: Even Google is powerless in the face of a new malicious code deliverer
<blockquote data-quote="Prime" data-source="post: 779" data-attributes="member: 18"><p><strong>SecuriDropper — the new Android dropper</strong></p><p></p><p>The new dropper-as-a-service (DaaS) malware model is used to attack owners of mobile Android devices. It has the advantage of bypassing current security measures from Google.</p><p></p><p>The task of the dropper in this case is to get on the victim's device and load an additional payload. SecuriDropper has every chance of becoming a profitable business for creators who are willing to sell the service to cybercriminal groups.</p><p></p><p>ThreatFabric specialists spoke about the new DaaS model. The company's report notes the following:</p><p></p><p>"Droppers, like their authors, are constantly being improved as they need to circumvent new security measures."</p><p></p><p>For example, SecuriDropper should negate the restrictions on access to settings that were introduced in Android 13.</p><p></p><p>According to Google, this functionality should prohibit access to applications downloaded from third-party sources to read notifications and special features of the OS. Many mobile Trojans use these loopholes, so this is a very logical defense.</p><p></p><p>The SecuriDropper usually disguises itself as harmless software and thus tries to avoid detection. 
The following names of malware samples are known:</p><p></p><p>* com.appd.instll.load (Google)</p><p>* com.appd.instll.load (Google Chrome)</p><p></p><p>ThreatFabric noted the technical aspects of installing the dropper in the OS: this malware uses atypical Android APIs to install a new payload, which resembles the process of installing software from the app store.</p><p></p><p><img src="https://ver.ae/imagehosting/2023/11/07/70038507ad.jpeg" alt="70038507ad.jpeg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>The malware needs the following permissions: read and write data to external storage (READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE), and install and delete packages (REQUEST_INSTALL_PACKAGES and DELETE_PACKAGES).</p><p></p><p>According to ThreatFabric, the services of SecuriDropper are used by such well-known banking Trojans as SpyNote and ERMAC.</p></blockquote><p></p>
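For defenders triaging sideloaded APKs, the permission set listed in the post can be checked against a decoded AndroidManifest.xml. This is an added example, not part of the original post or ThreatFabric's report; the sample manifests are constructed, the function names are hypothetical, and the `android.permission.` prefix is assumed for the short names given in the post.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions named in the post (short names; android.permission. prefix assumed).
LISTED = frozenset({"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
                    "REQUEST_INSTALL_PACKAGES", "DELETE_PACKAGES"})
# Subset that lets an app install and remove other packages.
INSTALLER = frozenset({"REQUEST_INSTALL_PACKAGES", "DELETE_PACKAGES"})


def _manifest(package, perms):
    """Build a constructed sample manifest (test data, not a real sample)."""
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')


SAMPLE_MATCH = _manifest("com.appd.instll.load", sorted(LISTED))
SAMPLE_BENIGN = _manifest("com.example.notes", ["READ_EXTERNAL_STORAGE", "INTERNET"])


def triage(manifest_xml):
    """Classify a decoded AndroidManifest.xml by the post's permission set."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name:
                perms.add(name.rsplit(".", 1)[-1])  # keep the short name
    if LISTED <= perms:
        verdict = "full-match"
    elif INSTALLER <= perms:
        verdict = "installer-capable"
    else:
        verdict = "no-match"
    return {"package": root.get("package", ""),
            "verdict": verdict,
            "missing": sorted(LISTED - perms)}


if __name__ == "__main__":
    for sample in (SAMPLE_MATCH, SAMPLE_BENIGN):
        print(triage(sample))
```

A full match is a triage signal rather than a verdict, since file managers and third-party app stores request the same permissions. The standard-library parser is used to keep the example dependency-free; manifests from untrusted APKs should go through a hardened XML parser.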