7 password-stealing Android apps removed from Google Play
Security researchers at Trend Micro reported that seventeen malicious apps designed to infect Android users have been removed from the Google Play Store. The apps used banking malware and have been dubbed DawDropper. The malware campaign leverages four types of banking trojans, Octo, TeaBot, Hydra, and Ermac. The attack type has been described as a dropper-as-a-service attack as the payload is only dropped after the user has downloaded the application.
Each of the different types of malware are designed to steal sensitive information such as usernames, passwords, and bank account information. TeaBot is one of the more powerful malwares of the group, possessing keylogging and authentication code stealing capabilities. Another one of the malware, Octo, is able to gain primary permissions from the device and therefore keeping it awake to allow stolen data to be transferred. It can also take screen recordings, which steals information entered by the victim such as passwords, pins, email addresses, and more. Although these apps have been removed from the Play Store, users should remain diligent and cautious when downloading new applications.