A handful of malicious Android apps serving the Sharkbot trojan had infiltrated the Google Play Store to steal the victim’s bank credentials.
These apps pose as a regular file manager and amassed thousands of downloads before being delisted by Google after reporting. Users having these apps are advised to remove them immediately and clean-check their devices.
Sharkbot Trojan in Android Apps
To the unknown, Sharkbot is a data-stealing trojan that often targets victims’ bank credentials by overlaying a phishing form on the legitimate login forms – of popular bank accounts that the victims may use.
These forms are carefully crafted to look alike and capture all the sensitive information entered into them. When done, these would be t transported to the hacker for using them in stealing funds or other attacks. Lately, Bitdefender researchers spotted some Android apps in Google Play Store distributing Sharkbot.
These apps masqueraded as regular file managers, with no Sharkbot in them initially. Having no malicious payload would help in evading detection. But when installed, these fake file manager apps ask for a range of permissions like reading and writing external storage, installing new packages, accessing account details, deleting packages (to wipe traces), etc.
And since these are file management apps, they’re more likely to get those permissions without raising any suspicion. When granted, the apps will ask the user to update to a new version available – where they fetch Sharkbot, which then follows the above process to steal banking data.
Researchers mentioned the following apps where they found Sharkbot – X-File Manager by Victor Soft Ice LLC (downloaded 10,000 times), FileVoyager by Julia Soft Io LLC (over 5,000 times), LiteCleaner M (over 1,000 downloads) and the Phone AID, Cleaner, Booster 2.6.
While all these were now removed from Play Store after being reported, researchers warn that users who have already installed them before being delisted are still vulnerable. Thus, running a clean check of your device is recommended.
