As malware technology develops, so too do the services that malicious agents offer people who want to get into the hacking scene. If a malicious agent wanted to sneak malware onto your device without you knowing, they may hire someone who provides droppers as a service to help them achieve that goal.
As such, let’s explore what droppers as a service are and how to avoid them.
What Is a Dropper?
A dropper is a kind of Trojan virus that presents itself as harmless, but has a nasty surprise hiding within. Trojans share a special trait of tricking a user or system into thinking they’re harmless; that’s why it’s named after the famous Trojan horse of history.
Droppers, by themselves, contain no malicious code. This means, if someone scans the dropper program with an antivirus, it doesn’t show up as malicious. During this phase, a dropper program will try to establish itself on the user’s PC, asking for permission to access specific services and files.
Because the user believes the dropper software is harmless, the user grants the dropper malware permission to access what it wants. Once this happens, the dropper malware moves into stage two and contacts the malware download servers. It then installs malware on the target system, using the newly-given permissions to avoid suspicion or detection.
Check outwhat a Trojan dropper isif you’d like to know more about this strain of malware.
What Is a “Dropper as a Service”?
Droppers as a service are part of a larger family of services that malicious agents sell on the black market. You may have heard of the “as a service” suffix in the malware world before; it’s used in terms likeransomware as a service.
In this case, someone offering droppers as a service do so because they’re excellent at programming a dropper and want to offer their expertise to the black market. Their customer base are malware developers who have designed a payload but need help getting it onto people’s devices. These developers turn to dropper providers to get their virus past antivirus solutions.
Dropper services can go for very cheap on the black market. One report fromThe Registersaw dropper services charging $2 for 1,000 malware deliveries, which would be pocket change for someone who develops malware that extracts money from its victims in some way.
However, it’s important to note that not everything that ends in “as a service” is bad. For example,artificial intelligence as a serviceallows businesses and clients to hire our AI solutions for nonmalicious purposes.
An Example of Droppers as a Service: SecuriDropper
To better show how droppers as a service work, let’s take a look at a real-world example. SecuriDropper is a particularly nasty strain of dropper that targets Android phones and infects them with malware using the dropper method.
As reported byBleeping Computer, SecuriDropper is designed to circumvent a specific defense on Android 14. If you try to install an app that hasn’t come from the official Google Play store, it’s not allowed to access the more sensitive features of your phone, such as the Accessibility settings.
To get around this, a malware developer can add SecuriDropper to an innocent-looking app and upload it to a third-party website. Some apps containing SecuriDropper disguise themselves as commonly used apps; one was found pretending to be Google Translate. The app contains no malicious code, so it doesn’t get flagged by any antivirus scans.
Then, a victim downloads the app and tries to install it. During installation, the app will ask for permission to access the phone’s storage. If granted, the app displays a fake error message, claiming the installation failed. It then presents a button to the user, claiming that if they press it, the app will reinstall itself.
If the user does press the button, the dropper sends a signal to the malware download servers to install the payload. Because the user granted permission for the app to use the phone’s storage, the dropper can install the malware in a specific way so that Android 14 doesn’t identify it as an app from a third party source.
This, in turn, allows the app to ask for permissions that third-party apps are usually not allowed to ask for. And if the user accepts those, the malware then has access to all the permissions it needs to proceed with its plans.
SecuriDropper has been responsible for drops of all kinds of malware. For example, some strains install SpyNote which can pry at the data on your phone, and others install a banking Trojan disguised as a fake Chrome browser.
How to Stay Safe From Dropper Malware
Dropper malware may sound scary, but you’ll mainly find them hosted on third-party websites. As such, it’s always best to download your apps from official sources.
If you’re on PC, only install apps from official sources. Usually you can find the app on the developer’s website, but sometimes the developer will use an external host to handle downloads. If in doubt, be sure todouble-check that a website is safe and securebefore downloading apps from it.
If your operating system comes with an app store, downloading apps from there is safer than grabbing them from third-party websites. Marketplaces like the Microsoft Store and Google Play come with security countermeasures to help protect users against threats like droppers.
That being said, it’s unwise to trust every single app you see on an official app store. Malware developers can find ways to sneak malicious apps onto these app stores, to the point whereGoogle Play is not 100% safe from malware.
Fortunately, the same steps you can take tospot fake Android apps on Google Playapply to other app stores. If something “feels off” about an app, don’t download it.
Getting the Drop on Dropper Malware
While droppers are a nasty piece of kit, you may defend against them using good online practices when downloading apps. And now that droppers are offered as a service, defending against them is more important than ever.
