Android - Cheval de Troie bancaire - Sharkbot

These Android apps distribute the Trojan Sharkbot!

Bitdefender security researchers have discovered new malicious apps for Android that come in the form of a file manager. In the end, it is the Sharkbot malware that is deployed on the device with the aim of gaining access to your bank accounts.

Malicious applications identified by Bitdefender are distributed via the Google Play Store ! To avoid detection by Google’s analysis systems, the cybercriminals did not integrate the malware into the application. This is loaded by the application later when it asks for your consent to update. In reality, it will download Sharkbot from a remote server.

Named X-File Manager et FileVoyager, these applications allow the user to manage the files of their Android device. Therefore, they need advanced permissions on the device: which will look legitimate and not arouse suspicion. However, the objective is elsewhere: deploy the “Sharkbot” banking Trojan on the device.

Once in place, Sharkbot will seek to steal your bank login credentials. To do this, when you open your bank’s application in order to access your accounts, Sharkbot will make sure to display login forms over the app window so as to intercept the input.

This malware supports many European banks including Hello Bank!, Barclays, BancoPosta or encore ING Italia. Bitdefender nevertheless specifies that cybercriminals can remotely update the list of supported banking applications. Also according to Bitdefender, the majority of Sharkbot victims are located in UK, Italy, Iran and Germany.

Google Play Store - Malicious Apps - November 2022
Source : Bitdefender

At the time of writing these lines, the X-File Manager and FileVoyager applications are no longer available on the Google Play Store. Nevertheless, they have already caused thousands of victims because these apps have over 15,000 downloads in total. In addition, you should also be wary of the “LiteCleaner M” and “Phone AID, Cleaner, Booster 2.6” apps.



#Android #apps #distribute #Trojan #Sharkbot

Leave a Comment

Your email address will not be published. Required fields are marked *