New Malware Bypasses Android Security to Steal Data: Avoid APK Downloads from Unknown Sources
A new cybercrime operation known as "SecuriDropper" has been discovered exploiting a vulnerability in Android devices to install malware that can capture on-screen text, gain excessive permissions, and steal sensitive data. This malware bypasses the "Restricted Settings" feature introduced in Android 13, which is designed to prevent side-loaded apps (those installed from APK files outside the official Google Play Store) from accessing sensitive features like Accessibility Services.
The malware operates by disguising itself as legitimate apps, often impersonating Google apps, Android updates, video players, security apps, or games. Once a user installs this fake app, it displays a fake error message about the APK file's installation and prompts the user to click a "Reinstall" button. This action triggers the second stage of the malware delivery, installing the actual malicious payload.
Once the device is infected, the malware can abuse Accessibility Services to capture on-screen text, grant itself additional permissions, and perform navigation actions remotely. It can also exploit the Notification Listener to steal one-time passwords and other sensitive information.
To protect against such attacks, Android users are strongly advised to avoid downloading APK files from unknown sources or publishers they do not trust. Only download apps from the official Google Play Store or trusted third-party app stores.
Additionally, users should regularly review the permissions granted to installed apps and revoke any unnecessary permissions. To access permission settings, go to Settings > Apps, select the app, and review its permissions.
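The same review can be scripted for a device connected over adb. The following is an added example, not part of the original article: it lists packages that hold Accessibility or Notification Listener access but were not installed by a trusted store. The sample command output is constructed, the com.example.* package names are hypothetical, and treating the Play Store as the only trusted installer is an assumption.

```python
# Added example: flag packages holding Accessibility or Notification Listener
# access that did not come from a trusted installer. Inputs are the text output of:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure enabled_notification_listeners
#   adb shell pm list packages -i
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

# Constructed sample data; the com.example.* names are hypothetical.
SAMPLE_A11Y = "com.google.android.marvin.talkback/.TalkBackService:com.example.videoplayer/.HelperService"
SAMPLE_LISTENERS = "com.example.videoplayer/com.example.videoplayer.NotifService"
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.notes  installer=com.android.vending
"""
PKG_LINE = re.compile(r"package:(\S+)(?:\s+installer=(\S+))?")

def parse_components(setting_value):
    """Return package names from a colon-separated list of pkg/class components."""
    value = setting_value.strip()
    if not value or value == "null":  # 'null' is printed when the setting is unset
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def parse_installers(pm_output):
    """Map package -> installer (None if unknown) from `pm list packages -i`."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) in (None, "null") else m.group(2)
    return installers

def audit(a11y, listeners, pm_output):
    """Return [(package, installer, capabilities)] for holders from untrusted installers."""
    installers = parse_installers(pm_output)
    holders = {}
    for cap, pkgs in (("accessibility", parse_components(a11y)),
                      ("notification-listener", parse_components(listeners))):
        for pkg in pkgs:
            holders.setdefault(pkg, []).append(cap)
    return sorted((p, installers.get(p), caps) for p, caps in holders.items()
                  if installers.get(p) not in TRUSTED_INSTALLERS)

if __name__ == "__main__":
    for pkg, installer, caps in audit(SAMPLE_A11Y, SAMPLE_LISTENERS, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg}: installer={installer} holds {', '.join(caps)}")
```

Preinstalled system apps can also report no installer, so a flagged entry is a prompt to review that app in Settings rather than a verdict.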
Key takeaways:
- A new malware operation is targeting Android devices.
- The malware bypasses Android's security features to steal data.
- Users should avoid downloading APK files from unknown sources.
- Users should review the permissions granted to installed apps.