Cybercrime service bypasses Android security to install malware

SecuriDropper, a new dropper-as-a-service cybercrime operation, bypasses Android’s Restricted Settings security feature to install malware on devices, gaining access to Accessibility Services. This method, first observed with the BugDrop dropper in August 2022, involves using a session-based installation API for malicious APK files, bypassing Android’s warnings and granting malware risky permissions. The same Restricted Settings bypass strategy has been advertised by Zombinder, another DaaS operation. Android users are advised to avoid downloading APK files from unknown sources and review app permissions to protect against attacks.