A new batch of malicious Android apps has managed to sneak into the Google Play Store and enjoy more than 10,000 downloads before being removed, experts warn.
Bitdefender cybersecurity researchers have recently discovered four such apps: “X-File Manager”, “FileVoyager”, “PhoneAID, Cleaner, Booster 2.6” and “LiteCleaner M”. Together, they accumulated at least 16,000 downloads and distributed Sharkbot – a well-known banking Trojan malware.
The apps are disguised as utilities — three are file manager apps, while the fourth is a memory and phone cleaner app. That way, the researchers suggest, the attackers hoped not to arouse suspicion when the apps start asking for all sorts of permissions.
Delivery of the cargo
After all, in order for Sharkbot to steal sensitive banking information, it needs permission to do all sorts of things, including other apps. Sharkbot works by layering on top of legitimate banking apps so that when the user logs in with their credentials, the trojan steals them.
It appears that the apps got past Google’s security checks by not actually delivering the malware upon installation. Instead, the app triggers an “update” at a later stage, and that is when the trojan is deployed.
The victims appear to be mainly people living in the UK and Italy, although the researchers saw that the threat actors also went after bank accounts of people in Iran and Germany.
While Google removed these apps from its repository as quickly as possible, that doesn’t change the fact that tens of thousands of people have these apps installed on their endpoints and these people remain at risk.
Until they completely remove these apps from their devices and change their bank account passwords, they remain potential victims of identity theft, wire fraud and other cybercriminal activities.
To protect against such attacks, it would be wise to keep the Play Protect service enabled and an Android antivirus app running, it was said.
Via: Bleeping Computer