Experts have warned that a new group of malicious Android apps managed to make their way to the Google Play Store and enjoy more than ten thousand downloads before they were removed.
Bitdefender cybersecurity researchers recently discovered four such apps: “X-File Manager,” “FileVoyager,” “PhoneAID, Cleaner, and Booster 2.6,” and “LiteCleaner M.” Between them, they had amassed no fewer than 16,000 downloads, and were distributing Sharkbot – a well-known banking Trojan.
The apps are disguised as utility solutions – three of them are file management apps, while the fourth is a memory and phone cleaning app. That way, the researchers suggest, the attackers hoped not to arouse suspicion when the apps start asking for all kinds of permissions.
After all, in order for Sharkbot to steal sensitive banking data, it needs permission to do all sorts of things, including overlaying other apps on the device. Sharkbot works by placing itself on top of legitimate banking applications, so that when a user logs in with their login credentials, the Trojan steals those credentials.
It appears that the apps manage to fool Google’s security checks by not actually presenting malware upon installation. Instead, the application will run an “update” at a later stage, at which point the Trojan is deployed.
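As an added illustration (not code from Bitdefender or from the original article), the two behaviours described above can be turned into a simple triage of installed utility apps: flag packages that ask both to draw over other apps and to install further packages. The two permission names are standard Android permissions chosen here as assumptions, since the article does not list which permissions these apps requested, and the package names and dump text are constructed.

```python
import re

# Assumed signals (not listed in the article): standard Android permissions
# that correspond to the overlay and the later "update" described above.
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"        # draw over other apps
SIDELOAD = "android.permission.REQUEST_INSTALL_PACKAGES"  # install a fetched APK

PKG_RE = re.compile(r"^package:\s*(?:name=')?([\w.]+)")
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def parse_dumps(text):
    """Return {package: set(permissions)} from concatenated permission dumps."""
    apps, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            apps.setdefault(current, set())
            continue
        m = PERM_RE.match(line)
        if m and current is not None:
            apps[current].add(m.group(1))
    return apps

def triage(apps):
    """Score 2 = overlay + sideload, 1 = one signal; clean packages are omitted."""
    findings = []
    for pkg, perms in apps.items():
        hits = sorted(p for p in (OVERLAY, SIDELOAD) if p in perms)
        if hits:
            findings.append((len(hits), pkg, hits))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

# Constructed sample in the style of a permission dump; names are made up.
SAMPLE = """\
package: com.example.filemanager
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
uses-permission: name='android.permission.SYSTEM_ALERT_WINDOW'
package: com.example.notes
uses-permission: name='android.permission.INTERNET'
package: com.example.cleaner
uses-permission: android.permission.SYSTEM_ALERT_WINDOW
"""

if __name__ == "__main__":
    for score, pkg, hits in triage(parse_dumps(SAMPLE)):
        print(score, pkg, ", ".join(h.rsplit(".", 1)[1] for h in hits))
```

A score of 2 is a reason to look more closely at an app, not a verdict: legitimate utilities can request either permission.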
The victims appear to be mostly people living in the UK and Italy, although researchers note that threat actors go after the bank accounts of people in Iran and Germany as well.
While Google is removing these apps from its repository as soon as possible, that doesn’t change the fact that tens of thousands of people have these apps installed on their endpoints, and those people are still at risk.
Until they completely remove these apps from their devices, and change the passwords to their bank accounts, they will remain potential victims of identity theft, electronic fraud and other cybercrime activities.
To protect against such attacks, it would be wise to keep Play Protect enabled, and your Android antivirus app active, it was said.
Via: Computer