MiningDropper – A Global Modular Android Malware Campaign Operating at Scale

Executive Summary Cyble Research and Intelligence Labs (CRIL) has been monitoring a significant surge in the use of “MiningDropper”, a sophisticated Android malware delivery framework that combines cryptocurrency mining capabilities with the deployment of infostealers, Remote Access Trojans (RATs), and banking malware . MiningDropper employs a multi-stage payload delivery architecture that combines XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulati