As the number of mobile phone users increases, so does the number of security threats that comes with it. Criminals have found a new way to evade Google Play Store defenses: they trade malicious loader programs, capable of trojanizing Android applications, for up to $20,000.
Kaspersky’s new report, based on messages posted on online forums between 2019 and 2023, has shed light on the growing trend of dropper apps as the primary means for threat actors looking to sneak malware via the Google Play Store.
In this article, we will discuss how these malicious loader programs work, what kind of apps they target, and what users can do to protect themselves.
The Working of Malicious Loaders
Malicious loader programs are used to inject malware into a clean app, which is then made available for download from the app marketplace.
Users who install the tampered app are prompted to grant it intrusive permissions to facilitate malicious activities. To avoid detection, these apps also incorporate anti-analysis features to detect if they are being debugged or installed in a sandboxed environment. If so, they halt their operations on the compromised devices.
Popular Application Categories Targeted by Malicious Loaders
According to Kaspersky, the most popular application categories that are targeted by malicious loaders include:
- cryptocurrency trackers
- financial apps
- QR-code scanners
- dating apps
These apps are popular among users, and malicious actors can use them to reach a large number of potential victims.
Alternative Techniques Used by Threat Actors
Apart from dropper apps, threat actors can also purchase a Google Play developer account, either hacked or newly created by the sellers, for a nominal fee.
They can also use APK binding services, which hide a malicious APK file inside a legitimate application, to distribute the malware through phishing texts and dubious websites advertising cracked games and software.
Protecting Yourself Against Malicious Loaders
To protect yourself against malicious loaders, you should download apps only from trusted sources like the Google Play Store. You should also be careful while granting app permissions and avoid downloading apps that require too many intrusive permissions. Additionally, you should keep your phone's software updated and use antivirus software that can detect and remove malicious apps from your phone.
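One way to apply the permission advice above to the app categories Kaspersky lists, as an added example that is not from the report: the script reads the output of `aapt dump permissions` for an APK and reports intrusive permissions that the app's category does not justify. The sample output, the package name, the set of permissions treated as intrusive and the per-category baselines are all assumptions made for this example.

```python
import re

# Real Android permission names; which ones count as "intrusive" is this
# example's assumption, not a list taken from the report.
INTRUSIVE = {
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "READ_CONTACTS", "READ_CALL_LOG",
    "RECORD_AUDIO", "CAMERA", "ACCESS_FINE_LOCATION",
    "SYSTEM_ALERT_WINDOW", "REQUEST_INSTALL_PACKAGES",
}

# Intrusive permissions each targeted category can plausibly justify
# (assumed baseline; tune it to your own review policy).
EXPECTED = {
    "cryptocurrency tracker": set(),
    "financial app": {"CAMERA"},
    "QR-code scanner": {"CAMERA"},
    "dating app": {"CAMERA", "ACCESS_FINE_LOCATION", "RECORD_AUDIO"},
}

# aapt prints either  uses-permission: name='android.permission.X'
# or the older form   uses-permission: android.permission.X
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?android\.permission\.(\w+)"
)

def requested_permissions(aapt_output):
    """Return the set of android.permission.* names the APK requests."""
    perms = set()
    for line in aapt_output.splitlines():
        match = PERM_RE.match(line.strip())
        if match:
            perms.add(match.group(1))
    return perms

def unexpected_permissions(aapt_output, category):
    """Intrusive permissions requested beyond the category baseline."""
    if category not in EXPECTED:
        raise ValueError("unknown category: " + category)
    requested = requested_permissions(aapt_output)
    return sorted((requested & INTRUSIVE) - EXPECTED[category])

# Constructed sample: what a tampered QR-code scanner might request.
SAMPLE = """\
package: com.example.qrscan
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: android.permission.REQUEST_INSTALL_PACKAGES
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
"""

if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE, "QR-code scanner"):
        print("review before installing:", perm)
```

A QR-code scanner has a reason to ask for the camera, so that request passes; SMS access, overlay drawing and the ability to install further packages do not fit the category and are reported.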
The threat of malicious loaders that can trojanize Android applications and infect them with malware is real and growing. Threat actors use various techniques to distribute malware, such as dropper apps, purchasing developer accounts, and using APK binding services. It is crucial to be aware of these threats and take necessary precautions to protect yourself from becoming a victim.