Editing Dropper (malware) (section)

{{Short description|Windows-platform based computer malware}}
A '''dropper'''<ref>{{cite web |title=Trojan.Dropper |url=http://www.symantec.com/security_response/writeup.jsp?docid=2002-082718-3007-99 |archive-url=https://web.archive.org/web/20070324045359/http://www.symantec.com/security_response/writeup.jsp?docid=2002-082718-3007-99 |archive-date=24 March 2007 |publisher=[[Broadcom#Symantec enterprise security|Symantec]]}}</ref><ref>{{cite web |title=What is dropper - Definition from WhatIs.com |url=http://whatis.techtarget.com/definition/dropper |publisher=techtarget.com}}</ref> is a [[Trojan horse (computing)|Trojan horse]] that has been designed to install [[malware]] (such as [[Computer virus|viruses]] and [[Backdoor (computing)|backdoors]]) onto a computer. The malware within the dropper can be packaged to evade detection by [[antivirus software]]. Alternatively, the dropper may [[download]] malware to the target computer once activated.

Droppers can be categorized into two types: persistent and non-persistent. Persistent droppers conceal themselves on the device and alter [[System registry|system registry keys]]. Concealment allows them to reinstall the malware during a reboot, even if previously removed. Non-persistent droppers are considered less dangerous as they remove themselves from the system after executing their payload. Thus, once the malware is removed, it cannot reinstall itself.<ref name=":0">{{cite thesis |id={{ProQuest|2651840630}} |last1=Saurbh |first1=Utkarsh |year=2022 |title=Explained: Types of Dropper malware and how to prevent yourself from them [GADGETS NEWS] }}</ref>

Trojan horses operate by masquerading as legitimate programs, requiring user interaction to execute. They unpack and load malicious code into the computer's memory, then install malicious software (malware).<ref>{{cite news |id={{ProQuest|2634604466}} |title=Explainer: What is a dropper malware and how to prevent its attack |newspaper=The Times of India |date=2 March 2022 }}</ref>

Precautions can be taken to prevent infection from malware droppers. For example, not opening links from unknown sources and only downloading software from known verified distributors, such as the [[Microsoft Store]] or the [[Apple App Store]]. Also, a firewall can block traffic from unverified sources.<ref name=":0" />
Droppers can also target mobile devices. For instance, a user might download an application via a text message link, which leads to the device being infected with malware. An example of a Trojan dropper created for mobile devices is the Sharkbot dropper.<ref>{{Cite web |last=Research |first=RIFT |last2=Team |first2=Intelligence Fusion |date=2022-03-03 |title=SharkBot: a "new" generation Android banking Trojan being distributed on Google Play Store |url=https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/ |access-date=2022-12-03 |website=NCC Group Research |language=en-US}}</ref><ref name=":1">{{Cite web |last=Arntz |first=Pieter |title=SharkBot Android banking Trojan cleans users out |url=https://www.malwarebytes.com/blog/news/2021/11/sharkbot-android-banking-trojan-cleans-users-out |access-date=2022-12-03 |website=Malwarebytes |language=en}}</ref> It facilitates unauthorized financial transactions by exploiting the Automatic Transfer Service (ATS), allowing attackers to siphon funds from mobile banking applications. This type of malware typically enters devices through [[sideloading]], bypassing official app stores.<ref name=":1" />