Evolving Threats: Android Droppers Now Deploy SMS Stealers and Spyware


By Tina Reynolds


Cybercriminals have become more aggressive than ever. They are now using sophisticated dropper applications to deliver banking trojans, SMS stealers, and spyware. ThreatFabric, a Romanian cybersecurity company, found 20 different dropper variants that slip under Google Play Protect’s radar. The malicious applications pose as legitimate government or banking applications, especially in campaigns focused on Indian and other South Asian markets. Recent commentary and analysis have exposed just how sophisticated and targeted these threats are, which has prompted Google to strengthen its security.

ThreatFabric has called out several of these dropper variants, including SecuriDropper, Zombinder, BrokewellDropper, HiddenCatDropper and TiramisuDropper. These new variants are explicitly engineered to circumvent current security protections such as Google Play Protect. Threat actors keep innovating to future-proof their operations, making sure that their malware continues to work as defenses change.

The Role of Google Play Protect

Until now, Google Play Protect has provided a useful surface-level security solution against known malware variants. According to a Google spokesperson, “Regardless of where an app comes from – even if it’s installed by a ‘dropper’ app – Google Play Protect helps to keep users safe by automatically checking it for threats.” This new feature is designed to safeguard Windows users from malicious apps that evade traditional security defenses.

Although it has worked well, recent reports show that cybercriminals have found ways to take advantage of gaps in the system. The spokesperson emphasized, “Protection against these identified malware versions was already in place through Google Play Protect prior to this report. Based on our current detection, no apps containing these versions of this malware have been found on Google Play.” As these threat actors' tactics develop and morph, Google is working to strengthen its protections against them.

In addition to STAR, Google has piloted other security features in markets such as Singapore, Thailand, Brazil and India. These include initiatives that preemptively block the sideloading of apps, in particular apps that ask for risky permissions such as access to SMS messages and accessibility services. The latter has been heavily misused for malicious purposes on Android devices.

Rise of RewardDropMiner

One of the most recent threats released in the wild is RewardDropMiner. This malicious software not only delivers other spyware payloads, it can be activated remotely to mine the Monero cryptocurrency. This dropper specifically zeroes in on users in India, adding another layer of complexity to the dangerous cybersecurity landscape. Some of the malicious apps associated with RewardDropMiner include:

  • PM YOJANA 2025 (com.fluvdp.hrzmkgi)
  • °RTO Challan (com.epr.fnroyex)
  • SBI Online (com.qmwownic.eqmff)
  • Axis Card (com.tolqppj.yqmrlytfzrxa)

Cybercriminals are using these apps more and more, which is evidence that they’re adjusting their strategies in response to user behavior. “This campaign shows how cybercriminals are fine-tuning their tactics to keep up with user behavior,” noted ThreatFabric.
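The risky-permission criteria described for Google's sideloading pilot, combined with the package names listed above, can be turned into a simple inventory triage. This is an added example, not code from Google or ThreatFabric; the record layout (`package`, `installer`, `permissions`, `accessibility_service`) and the sample inventory are assumptions constructed for illustration.

```python
# Added example: triage an app inventory for dropper-style risk signals.
# The record layout used here is an assumption, e.g. an MDM export.

PLAY_STORE = "com.android.vending"  # installer package name of Google Play
SMS_PERMISSIONS = {"android.permission." + p
                   for p in ("READ_SMS", "RECEIVE_SMS", "SEND_SMS")}

# Package names the article associates with RewardDropMiner.
REPORTED_PACKAGES = {
    "com.fluvdp.hrzmkgi",
    "com.epr.fnroyex",
    "com.qmwownic.eqmff",
    "com.tolqppj.yqmrlytfzrxa",
}

def triage(app):
    """Return a list of reasons this app deserves review (empty if none)."""
    reasons = []
    if app["package"] in REPORTED_PACKAGES:
        reasons.append("package name reported with RewardDropMiner")
    if app.get("installer") != PLAY_STORE:  # sideloaded or third-party store
        sms = sorted(SMS_PERMISSIONS & set(app.get("permissions", ())))
        if sms:
            reasons.append("sideloaded with SMS access: " + ", ".join(sms))
        if app.get("accessibility_service"):
            reasons.append("sideloaded and declares an accessibility service")
    return reasons

def audit(inventory):
    """Map package name -> reasons for every app with at least one finding."""
    return {a["package"]: r for a in inventory if (r := triage(a))}

# Constructed sample inventory (not real device data).
SAMPLE = [
    {"package": "com.example.notes", "installer": PLAY_STORE,
     "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.sms.backup", "installer": PLAY_STORE,
     "permissions": ["android.permission.READ_SMS"]},
    {"package": "com.epr.fnroyex", "installer": None,
     "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.updater", "installer": "com.example.browser",
     "permissions": ["android.permission.RECEIVE_SMS"],
     "accessibility_service": True},
]

if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

Package names are trivially changed between campaigns, so the name match is only a point-in-time check; the installer and permission signals are the more durable part of the triage.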

Since July 22, 2025, more than 75 malicious ads have spread across all platforms. These ads, which promote dropper applications, have reached tens of thousands of users in the European Union alone. Distribution on that scale points to the need for strong security measures and greater awareness on the part of users.

Future Implications

The rapidly changing landscape of dropper applications presents enormous dangers to mobile consumers. Threats are getting smarter by the day, so it is important for everyone to be vigilant about the apps they download to their devices. By wrapping low-complexity payloads in droppers, threat actors gain a protective shield against current detection capabilities. This approach also gives them the freedom to pivot in new directions in upcoming cycles.

As cybercriminals adapt their strategies and exploit new vulnerabilities, both users and security experts must stay informed about the latest developments in mobile security. Google’s pledge to improve its protections should be appreciated; it is a step in an ongoing arms race against bad actors.