Android droppers now deliver SMS stealers and spyware
Summary
A shift in the Android malware landscape has been observed, where dropper apps, previously used mainly for banking trojans, are now distributing SMS stealers and basic spyware. These campaigns are spread via dropper apps disguised as government or banking apps in India and other parts of Asia. The change is driven by Google's security measures, which have made it harder to sideload suspicious apps. Attackers are adapting by using droppers that avoid triggering security checks, delivering payloads only after user interaction. The development highlights ongoing efforts by cybercriminals to bypass security measures and the challenges in maintaining effective mobile security. Google continues to enhance protections, but users remain a critical factor in the security chain. The RewardDropMiner dropper, for instance, has been found to deliver spyware and a Monero cryptocurrency miner, though recent variants no longer include the miner. Other dropper variants include SecuriDropper, Zombinder, BrokewellDropper, HiddenCatDropper, and TiramisuDropper.
Timeline
- 01.09.2025 20:28 · 1 article · 1mo ago
Android droppers now deliver SMS stealers and spyware
A shift in the Android malware landscape has been observed, where dropper apps, previously used mainly for banking trojans, are now distributing SMS stealers and basic spyware. These campaigns are spread via dropper apps disguised as government or banking apps in India and other parts of Asia. The change is driven by Google's security measures, which have made it harder to sideload suspicious apps. Attackers are adapting by using droppers that avoid triggering security checks, delivering payloads only after user interaction.
- Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
Information Snippets
- Dropper apps in Android are now delivering SMS stealers and basic spyware, in addition to banking trojans.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
- These campaigns are spread via dropper apps disguised as government or banking apps in India and other parts of Asia.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
- Google's security measures, particularly the Pilot Program, have made it harder to sideload suspicious apps.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
- Attackers are adapting by using droppers that avoid triggering security checks, delivering payloads only after user interaction.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
- The RewardDropMiner dropper has been found to deliver spyware and a Monero cryptocurrency miner, though recent variants no longer include the miner.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
- Other dropper variants include SecuriDropper, Zombinder, BrokewellDropper, HiddenCatDropper, and TiramisuDropper.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
- Google has not found any apps using these techniques distributed via the Play Store and continues to enhance protections.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
- A new campaign uses malicious ads on Facebook to peddle a free premium version of the TradingView app for Android, deploying an improved version of the Brokewell banking trojan.
  First reported: 01.09.2025 20:28 · 1 source, 1 article
  - Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans — thehackernews.com — 01.09.2025 20:28
Similar Happenings
GhostRedirector Campaign Targets Windows Servers with Rungan Backdoor and Gamshen IIS Module
The GhostRedirector threat cluster, also known as Operation Rewrite and CL-UNK-1037, has compromised at least 65 Windows servers in Brazil, Thailand, and Vietnam, deploying the Rungan backdoor and Gamshen IIS module. The campaign, active since at least March 2025, targets various sectors and uses SEO fraud to manipulate search engine results, particularly to boost the rankings of gambling websites. The threat actor, believed to be China-aligned, employs BadIIS, a malicious native IIS module, to intercept and modify HTTP traffic, serving malicious content to site visitors. The campaign also deploys other tools for remote access, privilege escalation, and information gathering. ESET recommends using dedicated accounts, strong passwords, and multifactor authentication for IIS server administrators, as well as ensuring native IIS modules are installed only from trusted sources and are signed by a trusted provider.