A dropper[1][2] is a Trojan horse that has been designed to install malware (such as viruses and backdoors) onto a computer. The malware within the dropper can be packaged to evade detection by antivirus software. Alternatively, the dropper may download malware to the target computer once activated.
Droppers can be categorized into two types: persistent and non-persistent. Persistent droppers conceal themselves on the device and alter system registry keys. Concealment allows them to reinstall the malware during a reboot, even if previously removed. Non-persistent droppers are considered less dangerous as they remove themselves from the system after executing their payload. Thus, once the malware is removed, it cannot reinstall itself.[3]
Trojan horses operate by masquerading as legitimate programs, requiring user interaction to execute. They unpack and load malicious code into the computer's memory, then install malicious software (malware).[4]
Precautions can be taken to prevent infection from malware droppers. For example, not opening links from unknown sources and only downloading software from known verified distributors, such as the Microsoft Store or the Apple App Store. Also, a firewall can block traffic from unverified sources.[3] Droppers can also target mobile devices. For instance, a user might download an application via a text message link, which leads to the device being infected with malware. An example of a Trojan dropper created for mobile devices is the Sharkbot dropper.[5][6] It facilitates unauthorized financial transactions by exploiting the Automatic Transfer Service (ATS), allowing attackers to siphon funds from mobile banking applications. This type of malware typically enters devices through sideloading, bypassing official app stores.[6]
See also
editReferences
edit- ^ "Trojan.Dropper". Symantec. Archived from the original on 24 March 2007.
- ^ "What is dropper - Definition from WhatIs.com". techtarget.com.
- ^ a b Saurbh, Utkarsh (2022). Explained: Types of Dropper malware and how to prevent yourself from them [GADGETS NEWS] (Thesis). ProQuest 2651840630.
- ^ "Explainer: What is a dropper malware and how to prevent its attack". The Times of India. 2 March 2022. ProQuest 2634604466.
- ^ Research, RIFT; Team, Intelligence Fusion (2022-03-03). "SharkBot: a "new" generation Android banking Trojan being distributed on Google Play Store". NCC Group Research. Retrieved 2022-12-03.
- ^ a b Arntz, Pieter. "SharkBot Android banking Trojan cleans users out". Malwarebytes. Retrieved 2022-12-03.