SecuriDropper, a new dropper-as-a-service cybercrime operation, bypasses Android’s Restricted Settings security feature to install malware on devices, gaining access to Accessibility Services. This method, first observed with the BugDrop dropper in August 2022, involves using a session-based installation API for malicious APK files, bypassing Android’s warnings and granting malware risky permissions. The same Restricted Settings bypass strategy has been advertised by Zombinder, another DaaS operation. Android users are advised to avoid downloading APK files from unknown sources and review app permissions to protect against attacks.
Blue Shield of California members may have had their data exposed in a November data breach. Information included member names, dates of birth, addresses, subscriber