
Malware deployed by Android security-evading SecuriDropper service

The new SecuriDropper dropper-as-a-service (DaaS) operation has facilitated malware distribution on Android devices by evading Android 13's "Restricted Settings" functionality to breach "Accessibility Services," BleepingComputer reports. SecuriDropper droppers spoof Google apps, Android updates, video players, security apps, email clients, and games. Once installed, they obtain the "Read & Write External Storage" and "Install & Delete Packages" permissions, which enable second-stage payload deployment, according to a ThreatFabric report. In addition to distributing the SpyNote malware through a fake Google Translate app, SecuriDropper was observed spreading Ermac trojans through a phony Google Chrome app.

The reemergent Zombinder DaaS operation similarly evaded Android's Restricted Settings to compromise Accessibility settings, said researchers, who urged users of Android devices to avoid downloading APK files from untrusted sources. Meanwhile, Google noted that its Restricted Settings and Google Play Protect mechanisms work to prevent compromise. "We are constantly reviewing attack methods and improving Android's defenses against malware to help keep users safe," said a Google spokesperson.
