These two dangerous Android “dropper” trojan apps have already been installed thousands of times

A new and somewhat successful campaign to deliver Trojans to Android users has been exposed by cybersecurity researchers from Threat Fabric.

Experts warn that since Google made updates to its Developer Program Policy, threat actors have been looking for new ways to deliver malware through the Play Store and stay under the radar while doing it.

This new campaign includes multiple droppers, with over 130,000 downloads between them, and deploys two well-known Trojans on victims’ mobile endpoints: Sharkbot and Vultur. While Sharkbot targets Italians exclusively, Vultur's operators cast a somewhat wider net, targeting not only Italians but also people in the UK, Netherlands, Germany and France.

Fake updates

The way Sharkbot works is simple: the version in the Google mobile app repository is not malicious, but once a user launches it, it shows a fake Play Store page, forcing the victim to “update” the app before using it. The researchers concluded that “since victims are certain of the app’s origin, they are very likely to install and run the downloaded Sharkbot payload.”

Sharkbot’s goal is to transfer funds from victims’ bank accounts to its operators via automated transfer systems. This approach, described by the NCC Group as an “advanced technology” rarely used with Android malware, enables threat actors to automatically fill in fields in legitimate mobile banking apps.

On the other hand, Vultur targets social media, messaging, banking, and cryptocurrency exchange apps.

Of the two, Vultur appears to be the more successful Trojan, with Threat Fabric saying it has reached over 100,000 potential fraud victims in the past few months.

The researchers concluded that “distribution through droppers on Google Play remains the most ‘expensive’ and scalable way to reach victims for most actors of all levels.”

“Whereas complex tactics such as targeted phone-delivery attacks require more resources and are difficult to scale, droppers in official and third-party stores allow threat actors to reach a reassured broad audience with reasonable efforts.”


Via: Security Affairs
