Android Droppers Evolve Beyond Banking Trojans to Spread SMS Stealers and Spyware


319/68 Wednesday, September 3, 2025

Cybersecurity researchers have warned of a recent shift in threats targeting the Android operating system. Traditionally, dropper malware, whose main role is to deliver other malware, has been widely used to spread banking trojans designed to steal financial data. However, attackers are now increasingly deploying simpler payloads, such as SMS stealers and basic spyware. These campaigns often disguise themselves as applications from government agencies or banks, with outbreaks reported in India and several Asian countries, including Thailand and Singapore, according to the latest report from Netherlands-based firm ThreatFabric.

This evolution is partly driven by Google’s new security measure, the Google Play Protect Pilot Program, launched in select countries including Thailand. The program blocks suspicious apps that request high-risk permissions, such as access to SMS or Accessibility Services, features often abused by malware on Android devices. However, cybercriminals have adapted by redesigning droppers to avoid requesting sensitive permissions upfront. Instead, once a victim clicks an “Update” button, the app fetches a payload from an external server to install the real malware. One such example is RewardDropMiner, which previously delivered spyware alongside a Monero cryptocurrency miner.

In addition to these adaptive droppers, other attack vectors have also been observed. Researchers at Bitdefender Labs uncovered a wave of malvertising attacks on Facebook, luring users into downloading a fake premium version of TradingView that actually deployed an updated variant of the Brokewell financial trojan. This malware was used to spy on victims and steal data. Since July 2025, over 75 malicious ads have been detected across the EU, reaching tens of thousands of users. Experts warn that these campaigns reflect a broader strategy by cybercriminals to closely follow user behavior, disguising malware as trusted financial and crypto apps, to target the rapidly growing mobile user base. Users are strongly advised to only download apps from trusted sources to reduce their exposure to such threats.

Source: https://thehackernews.com/2025/09/android-droppers-now-deliver-sms.html