Skip to main content

These 17 Android apps have been stealing banking info — delete them all right now

Green skull on smartphone screen.
(Image credit: Shutterstock)

Only days after McAfee revealed news of a new malware strain affecting millions of devices via apps downloaded from the Google Play Store, there's more concerning news for Android users.

In a new report (opens in new tab), the cybersecurity firm Trend Micro has brought to light the existence of 17 more apps which have been dropping malware on Android devices. According to the company, the malware responsible, dubbed 'DawDropper', is "capable of stealing banking information, intercepting text messages, and hijacking infected devices."

(Image credit: Trend Micro)

The apps themselves are no longer on the Play Store, but it's important you take a look at the full list below and delete them from your devices immediately, as they can still be doing damage if left installed. Then, change the passwords for all of your highly sensitive accounts, such as your bank accounts and email. We've detailed some more advice at the bottom of this article.

Delete these apps now if you still have them installed

  • Call Recorder
  • Rooster VPN
  • super Cleaner
  • Document Scanner
  • Universal Saver Pro
  • Eagle photo editor
  • Call recorder pro+
  • Extra Cleaner
  • Crypto Utils
  • FixCleaner
  • Universal Saver Pro
  • Lucky Cleaner
  • Just In: Video Motion
  • Ducment Scanner Pro
  • Conquer Darkness
  • Simpli Cleaner
  • Unicc QR Scanner

What is DawDropper and how does it work?

A 'dropper', as it is known in the cyber security industry, is a trojan which infiltrates a device and installs another piece of malware — this is called delivering its payload.

DawDropper has, according to Trend Micro, been identified in several variants, each dropping a different payload: Octo, Hydra, ERMAC and TeaBot. These run different executables which will affect a user's device in different ways. Essentially though, they all want to steal your sensitive data. To do it, they're packaged in seemingly innocent apps, many of which offer ostensibly useful services such as cleaning up your device but the reality couldn't be further from that. The Octo malware, Trend Micro goes on to explain, is able to record your screen to steal important information such as passwords and PINs, and then keeps your device awake, despite turning off the screen, allowing it to upload this data to attacker controlled servers.

They also report that DawDropper is a DaaS or Dropper-as-a-Service model of malware, which means that somebody has paid the creators of the malicious code to steal data for them. It's a safe bet then that the intention of stealing this data really is to use it nefariously, so you shouldn't merely hope for the best and get to work on securing your devices immediately.

Thankfully, this malware has been caught, but it isn't a great look for the Google Play Store, especially not after having been called out by McAfee just days ago. What's more, based on Trend Micro's findings, the Octo payload even disables Google Play Protect, the safety net which is supposed to stop downloaded apps executing harmful code. 

Trend Micro also noted that these apps were also available on the Apple App Store, although they do not state whether there are similar security concerns. Historically, iPhones have been seen as safer than Android devices, as software cannot be installed from third parties outside the App Store without jailbreaking a device. However, the iOS safety net relies on the assumption that no malicious apps are on the App Store, so it remains to be seen as to whether or not iOS devices are affected by these apps as well. The safest thing to do if you're an iPhone user is to delete these apps immediately if you have them installed.

What to do if you've installed one of the affected apps

Hand holding smartphone with glowing green text floating around it

(Image credit: Shutterstock)

As we mentioned earlier, you'll want to delete the affected apps and change important passwords and PINs immediately, ideally on a separate device. It's also worth installing one of the best Android antivirus apps and scanning your device for threats and removing any installed malware. If you need to change passwords on the same device you have the apps installed on, then run a device scan first.

To keep yourself safe in the future, firstly make sure you refer to our guide on how to keep your phone safe from hackers. You'll also want to ensure Google Play Protect is enabled on your device. However, as with this case, Play Protect can be bypassed. Trend Micro have accordingly provided some helpful advice for users on how they can stay safe when downloading new apps:

  • Only install apps from trusted sources, and do not download them from websites which look suspect.
  • Check user reviews of the app before installing, to make sure there aren't any concerns or suspicious app behaviours reported.
  • Look into app developers and publishers if you can, to verify their credentials before you install an app.
Peter Wolinski
Peter Wolinski

Peter is the How to Editor at Tom's Guide, based in the UK. As a writer, he covers topics including tech, photography, gaming, hardware, motoring and food & drink. Outside of work, he can usually be found telling everyone about his greyhounds, obsessively detailing his car, squeezing as many FPS as possible out of PC games, and perfecting his espresso shots.