Security Affairs

Android droppers evolved into versatile tools to spread malware


Android droppers now spread banking trojans, SMS stealers, and spyware, disguised as government or banking apps in India and Asia.

ThreatFabric researchers warn of a shift in Android malware: dropper apps now deliver not just banking trojans, but also SMS stealers and spyware, mainly in Asia.

Google’s Pilot Program enhances Play Protect by scanning Android apps before installation in high-risk regions like India and Brazil, blocking apps with risky permissions or suspicious APIs. Modern droppers exploit this system by appearing harmless at install, then fetching the real payload after user interaction, bypassing initial security checks. This allows even simpler malware to evade detection, showing a timing gap in the Pilot Program that threat actors actively exploit.

“actors want to future-proof their operations. By encapsulating even basic payloads inside a dropper, they gain a protective shell that can evade today’s checks while staying flexible enough to swap payloads and pivot campaigns tomorrow.” reads the report published by ThreatFabric.

The experts discovered a dropper called RewardDropMiner, a staged dropper that evades Play Protect and the Pilot Program to deliver spyware or other payloads. It previously also ran a hidden Monero miner, which has been removed in recent variants to reduce detection.


Droppers like SecuriDropper, Zombinder, BrokewellDropper, HiddenCatDropper, and TiramisuDropper evade Play Protect and the Pilot Program by delaying permission requests or hiding payloads, ensuring malware reaches victims despite Android defenses.

Droppers have evolved into versatile tools, quickly adapted by cybercriminals to bypass defenses like the Pilot Program, delivering both major and minor malicious apps.
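The install-time gap described above can be seen from the defender's side. The added example below (not code from ThreatFabric's report or from Google) triages a decoded AndroidManifest.xml and separates apps that already look risky at install from apps that look clean but can download and install a second stage. The permission lists, the verdict names and the `triage` function are assumptions chosen for illustration, and the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Assumption: permissions an install-time scanner would treat as risky.
RISKY = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}
# Assumption: the pair that lets a clean-looking app fetch and install a second stage.
STAGER = {"android.permission.INTERNET", "android.permission.REQUEST_INSTALL_PACKAGES"}

def declared_permissions(manifest_xml):
    """Collect requested permissions and permissions guarding declared services."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        perms.update(el.get(A + "name") for el in root.iter(tag))
    perms.update(el.get(A + "permission") for el in root.iter("service"))
    perms.discard(None)
    return perms

def triage(manifest_xml):
    """Return (verdict, evidence) for one decoded manifest."""
    perms = declared_permissions(manifest_xml)
    risky = sorted(perms & RISKY)
    if risky:
        return "risky-at-install", risky
    if STAGER <= perms:
        # Nothing risky yet, but the app can pull and install another APK later,
        # so the verdict on this app depends on what it installs after launch.
        return "review-second-stage", sorted(STAGER)
    return "no-signal", []

def _manifest(body):
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.constructed">' + body + '</manifest>')

# Constructed samples, not taken from any real app.
STAGE_ONE = _manifest(
    '<uses-permission android:name="android.permission.INTERNET"/>'
    '<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>')
PAYLOAD = _manifest(
    '<uses-permission android:name="android.permission.READ_SMS"/>'
    '<uses-permission android:name="android.permission.RECEIVE_SMS"/>'
    '<application><service android:name=".Svc" '
    'android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>')

if __name__ == "__main__":
    for name, doc in (("stage one", STAGE_ONE), ("payload", PAYLOAD)):
        print(name, triage(doc))
```

A permission-only scan flags the payload manifest and passes the stage-one manifest, which is why the second verdict routes the app to review of whatever it installs after launch.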

“The takeaway is simple: Play Protect and the Pilot Program work, but only as part of a constantly evolving defence strategy. Detection needs to adapt as quickly as the threats themselves.” concludes the report. “In this cat-and-mouse game, droppers aren’t slowing down as they’re just getting smarter.”


Pierluigi Paganini

(SecurityAffairs – hacking, Android droppers)