Researchers at Trend Micro have dubbed a new malware campaign DawDropper, which delivers four types of banking trojans to victims via apps on the Google Play Store. The attack is described as a Dropper-as-a-Service (DaaS) attack because the payload is only dropped after the app has been downloaded. The four types of malware being delivered are TeaBot, Octo, Hydra, and Ermac. Each of them is designed to steal banking account information along with usernames and passwords. TeaBot is known for keylogging and stealing authentication codes, while Octo can gain primary permissions on a device to keep it awake and allow stolen data to be uploaded. The campaign can be traced to 2021 and is distributed through various types of apps, including VPNs, cleaner apps, photo editors, document scanners, and games. DawDropper evaded Play Store protections by using third-party cloud services to obtain the payload from a command-and-control (C&C) server operated by the attackers. This means that the code uploaded to the Play Store was “clean” and couldn’t be flagged as malware.