Hackers have found a way to bypass Google’s new security feature called “Restricted Settings”
Android malware creators are already adapting their tactics to get around “Restricted Settings”, a new security feature that Google added in the most recent version of Android, 13. This week saw the rollout of Android 13 to Google Pixel devices and the publication of the operating system’s source code on AOSP.
ThreatFabric has uncovered a new Android malware dropper that already includes features to get around the new Restricted Settings security feature, according to a study published today. ThreatFabric found the dropper, which is still in development, while tracking the Xenomorph Android malware operations. The numerous bugs that afflict the dropper’s functionality at this early stage led to the name “BugDrop.”
This novel dropper has code comparable to Brox, a freely released malware creation tutorial project that is going around on hacker forums, but with a change to one string in the installer function. According to the study, what caught ThreatFabric’s attention was the string “com.example.android.apis.content.SESSION_API_PACKAGE_INSTALLED”, which was found in the Smali code.
Session-based installation is used to carry out a multi-staged malware installation onto an Android device: the packages (APKs) are divided into smaller pieces that share identical names, version numbers, and signing certificates.
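
A triage check a defender could run over decompiled Smali to spot the indicator described above: the session-install API used together with the leftover sample action string. This is an added example, not code from the study or the original article; the function name, file paths and Smali snippets are constructed, and the action string is written in its underscore constant form.

```python
import re

# Smali references to the Android PackageInstaller session API.
SESSION_CALLS = {
    "createSession": r"Landroid/content/pm/PackageInstaller;->createSession\(",
    "openWrite": r"Landroid/content/pm/PackageInstaller\$Session;->openWrite\(",
    "commit": r"Landroid/content/pm/PackageInstaller\$Session;->commit\(",
}
# Action string named in the report, in its constant form.
SAMPLE_ACTION = "com.example.android.apis.content.SESSION_API_PACKAGE_INSTALLED"
ACTION_RE = re.compile(
    r'const-string(?:/jumbo)?\s+\w+,\s*"' + re.escape(SAMPLE_ACTION) + '"'
)


def triage_smali(files):
    """files maps path -> Smali text for one decompiled app; returns findings."""
    calls = {name: [] for name in SESSION_CALLS}
    action_files = []
    for path, text in sorted(files.items()):
        for name, pattern in SESSION_CALLS.items():
            if re.search(pattern, text):
                calls[name].append(path)
        if ACTION_RE.search(text):
            action_files.append(path)
    # The full create -> write -> commit flow means the app can install APKs.
    # App stores do this legitimately, so on its own it is context, not a verdict.
    session_install = all(calls[name] for name in SESSION_CALLS)
    return {
        "session_install": session_install,
        "sample_action_string": action_files,
        "calls": calls,
        # Escalate for analyst review only when both indicators are present.
        "review": session_install and bool(action_files),
    }


# Constructed Smali fragments (not taken from any real sample).
CONSTRUCTED_DROPPER = {
    "smali/com/demo/Installer.smali": """
    const-string v0, "com.example.android.apis.content.SESSION_API_PACKAGE_INSTALLED"
    invoke-virtual {v1, v2}, Landroid/content/pm/PackageInstaller;->createSession(Landroid/content/pm/PackageInstaller$SessionParams;)I
    invoke-virtual/range {v3 .. v8}, Landroid/content/pm/PackageInstaller$Session;->openWrite(Ljava/lang/String;JJ)Ljava/io/OutputStream;
    invoke-virtual {v3, v4}, Landroid/content/pm/PackageInstaller$Session;->commit(Landroid/content/IntentSender;)V
    """,
}
CONSTRUCTED_BENIGN = {"smali/com/demo/Main.smali": 'const-string v0, "hello"\n'}

if __name__ == "__main__":
    print(triage_smali(CONSTRUCTED_DROPPER))
    print(triage_smali(CONSTRUCTED_BENIGN))
```

A hit is a reason to look closer, not proof of malice: legitimate installers also use the session API.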