August 18, 2022

Researchers have uncovered an Android trojan called BugDrop. The dropper app designed to defeat new features in the upcoming Android version that aims to make it more difficult for malware to request Accessibility Services privileges from victims.

ThreatFabric researchers attributed the dropper to a cybercriminal group called “Hadoken Security.’ The gang is also behind the development and spread of the Xenomorph and Gymdrop Android malware families.

BugDrop masquerades as a QR code reader app to spread malicious payloads through a session-based installation process, tactically circumventing Google’s blocking of API access to apps.

“What is likely happening is that actors are using an already built malware, capable of installing new APKs on an infected device to test a session-based installation method, which would then later be incorporated in a more elaborate and refined dropper,” the researchers said.

Users are advised to avoid malware hidden in official app stores by downloading only apps from known developers and publishers, scrutinizing app reviews and checking their privacy policies.

The sources for this piece include an article in TheHackerNews.