These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been removed from the app marketplace.
“DawDropper uses Firebase Realtime Database, a third-party cloud service, to evade detection and dynamically obtain a payload download address,” the researchers said. “It also hosts malicious payloads on GitHub.”
Droppers are apps designed to sneak past Google’s Play Store security checks, following which they are used to download more potent and intrusive malware on a device, in this case, Octo (Coper), Hydra, Ermac, and TeaBot.
images from Hacker News