The Role of Evil Downloaders in the Android Mobile Malware Kill Chain

The spread of malware from user PCs to handheld devices such as smartphones has been a gradual process that started gaining momentum about a decade ago. At first, relatively basic Trojans focused on stealing the SMS messages that banks send to users as two-factor authentication (2FA) codes. Then, increasingly sophisticated malware started emerging in the wild with features that can take over the device, harvest data, control communications and even lock the user out, to name a few.

But while mobile malware used by financially motivated threat actors is indeed a lot more elaborate nowadays, infecting devices remains somewhat of a challenge. Embedded security controls typically prevent Android devices from running apps from third-party sources, and without the user activating side-loading, or worse yet, jailbreaking the device, infecting users at scale can be rather slow even for motivated attackers.

So how is it that we keep seeing mobile malware infection numbers rise and even skyrocket, with numbers breaking previous records almost every year? These numbers can be attributed in large part to infection campaigns that take place directly on the official app store, such as Google Play.

The first thought on anyone’s mind would be that official stores should be a trusted source and protected by controls to prevent the entry of malware, and that is true. What cybercriminals have been doing is using a workaround in the shape of mobile malware downloaders.

These are benign-looking apps that ca ..