Malware Sneaking Onto Your Android Device Via Google Play Store

Is your Android device running very slowly or showing annoying pop-ups? If so, your device has contracted malware through the Google Play Store.

The security research firm BleepingComputer reported that a growing amount of mobile malware has started using a tool known as a “dropper,” which hides code inside an app.

“In the Android malware ecosystem, it is quite common for threat actors to buy so-called ‘loader’ (dropper) services from other actors,” security researcher Gaetan van Diemen told BleepingComputer.

The droppers appear benign and are contained within an app, making it difficult for the Google Play Store to detect them using its standard security tests.

“It is quite difficult to detect dropper apps,” van Diemen says. “As you can imagine, threat actors will put a lot of energy in keeping those apps undetected.”

Droppers generally use a dual- or multiple-stage infection technique. The first stage only gains a foothold on the device so that it can then download other, more harmful threats.

“What is surprising is that there is quite some intelligence and technical information about those droppers (publicly) available that could allow Google to detect these apps with ease,” van Diemen told BleepingComputer. “The Exobot campaign for example still uses a similar dropper app code than the first time it was found, in this case, we can even confirm that it is the same dropper panel still being used. Such information should have been used by Google’s internal malware scanner (Bouncer) or Google Play Protect.”

“Interestingly enough, we have also observed that most AV’s also failed in detecting the dropper campaigns (sometimes for years), meaning that some awareness needs to be raised on the topic,” the expert added.

Until there is a software tool that can handle droppers, security experts recommend a few ways to keep your device safe: keep the operating system updated, be very careful when downloading any app from the Google Play Store, and maintain good cyber hygiene.
