Dropper Service Bypassing Android Security Restrictions to Install Malware

SecuriDropper, a new dropper-as-a-service (DaaS), utilises a ‘session-based’ installer to bypass Android’s Restricted Settings feature and sideload malware. Online fraud detection firm, ThreatFabric, revealed that SecuriDropper uses an Android API to mimic the app marketplace’s install process, and has delivered the SpyNote spyware family and the Ermac banking trojan. The firm also highlighted Zombinder, another DaaS with similar capabilities.