Several malicious Android apps containing the Sharkbot trojan have infiltrated the Google Play Store to steal victims’ banking credentials.
According to BleepingComputer, BitDefender researchers have discovered several Android apps in the Google Play Store that distribute Sharkbot. These apps masquerade as regular file managers and initially contain neither Sharkbot nor any other malicious payload, which lets them avoid detection.
After installation, however, they ask for a series of permissions: read and write external storage, install new packages, access account details, and delete packages (to remove traces). Because these are file management applications, they are more likely to be granted those permissions without raising any doubts. Once authorized, they ask users to update to a newly available version, and that update is where they fetch Sharkbot before going on to steal banking data.
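The permission pattern described above can be checked for during app triage. The following is an added example, not code from BitDefender or BleepingComputer: it scans a decoded (text) `AndroidManifest.xml` for that combination. The mapping from the article's wording to Android permission names is an assumption, and the manifests and package name are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping of the article's permission descriptions to Android names.
DROPPER_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE": "read external storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "write external storage",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install new packages",
    "android.permission.GET_ACCOUNTS": "access account details",
    "android.permission.REQUEST_DELETE_PACKAGES": "delete packages",
}
# Installing a fetched package and deleting packages afterwards is the core pair.
CORE = {"android.permission.REQUEST_INSTALL_PACKAGES",
        "android.permission.REQUEST_DELETE_PACKAGES"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a text manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def triage(manifest_xml):
    """Return (verdict, matched permissions) for one manifest."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(p for p in perms if p in DROPPER_PERMS)
    if CORE <= perms and len(hits) >= 4:
        return "review", hits   # install + delete plus storage/account access
    if CORE & perms:
        return "note", hits     # only one half of the core pair
    return "ok", hits

def build_manifest(perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.filemanager">{uses}</manifest>')

DROPPER_LIKE = build_manifest(["READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
    "REQUEST_INSTALL_PACKAGES", "GET_ACCOUNTS", "REQUEST_DELETE_PACKAGES"])
PLAIN = build_manifest(["READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for label, manifest in (("dropper-like", DROPPER_LIKE), ("plain", PLAIN)):
        print(label, triage(manifest))
```

A "review" verdict only means the app warrants a closer look, since legitimate file managers can request some of the same permissions.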
BitDefender says these malicious apps accumulated thousands of downloads before being removed by Google after the fraud was detected. The applications in which BitDefender researchers found Sharkbot include X-File Manager by Victor Soft Ice LLC (over 10,000 downloads), FileVoyager by Julia Soft Io LLC (over 5,000 downloads), LiteCleaner M (more than 1,000 downloads) and Phone AID, Cleaner, Booster 2.6. Android device users who have these apps should delete them immediately.
Sharkbot is a data-stealing trojan that typically targets victims’ banking credentials by overlaying a phishing form on top of the legitimate login forms for popular bank accounts that victims may use.
The forms are carefully crafted to look real and collect all sensitive information entered into them. Once collected, this information is passed to the hacker for use in stealing money or in other attacks.
While all of these apps have now been removed from the Google Play Store after Google received the report, researchers warn that Android users who installed them before they were removed are still vulnerable, so quickly delete the above applications if you have installed them on your device.