This crafty malware dropper sneaks past the toughest Google Android security defenses


Hackers have found a way to bypass Android’s “Restricted Settings” and install malware on victims' devices.

Restricted Settings is a security feature, first introduced in Android 13, that prevents apps downloaded from non-vetted sources (i.e. sideloaded apps, or apps from places other than the Google Play Store) from accessing key Android settings, such as Accessibility or Notification Listener.

SecuriDropper

A report from cybersecurity researchers ThreatFabric found the new malware is a dropper-as-a-service called SecuriDropper. Victims usually think they’re downloading software updates, video apps, games, or similar. The first thing the app does is ask for Read & Write External Storage permissions, as well as Install & Delete Packages, which grants it the ability to download and install additional apps.

Then, it says the app wasn’t installed properly (or requires an update) and displays a Reinstall button which downloads the second-stage payload.

While these payloads may vary, depending on the endpoint targeted, the researchers observed the SpyNote malware being dropped via SecuriDropper, as well as the Ermac banking trojan.

SpyNote can log keystrokes, exfiltrate call logs, pull data from installed apps, and more. Uninstalling it is also quite a task. 

The best way to stay safe is to use common sense: only download apps from trusted sources and make sure they have plenty of downloads and solid reviews. Also, pay close attention to the permissions apps ask for upon installation. If they’re excessive, it’s most likely malware.
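For defenders who review sideloaded apps, the permission check described above can be automated. The following is an added example, not code from ThreatFabric or the article: it reads an AndroidManifest.xml that has already been decoded to text XML and flags the storage-plus-install combination the report describes. The mapping of the article's permission names to manifest constants, the function names, and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumed mapping of the article's permission names to manifest constants.
STORAGE = {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"}
INSTALL = {P + "REQUEST_INSTALL_PACKAGES", P + "INSTALL_PACKAGES"}
DELETE = {P + "REQUEST_DELETE_PACKAGES", P + "DELETE_PACKAGES"}


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a text manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def triage(manifest_xml):
    """Flag apps that can both use shared storage and install packages."""
    perms = requested_permissions(manifest_xml)
    hits = {
        "storage": sorted(perms & STORAGE),
        "install": sorted(perms & INSTALL),
        "delete": sorted(perms & DELETE),
    }
    # Storage plus install is the minimum needed to fetch and install
    # a second app, so that pair drives the flag; delete is reported too.
    hits["dropper_like"] = bool(hits["storage"] and hits["install"])
    return hits


def make_manifest(package, names):
    """Build a constructed sample manifest for the demo below."""
    rows = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, rows))


# Constructed samples: a fake "updater" and an ordinary camera app.
SAMPLE_UPDATER = make_manifest("com.example.updater", [
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
    "REQUEST_INSTALL_PACKAGES", "REQUEST_DELETE_PACKAGES"])
SAMPLE_CAMERA = make_manifest("com.example.camera", [
    "CAMERA", "INTERNET", "WRITE_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for sample in (SAMPLE_UPDATER, SAMPLE_CAMERA):
        print(triage(sample))
```

A flagged app is a candidate for closer review rather than confirmed malware, since legitimate app stores and file managers request the same permissions.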

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.