In a new threat campaign that targets Android users, security researchers reveal that the operators of the SharkBot trojan return, distributing the malicious payload via the Google PlayStore. This new campaign seemed to have targeted users mainly from the UK and Italy.
Over thousands of downloads were collected by the malicious Android apps that carry the SharkBot trojan as it impersonates utility apps that people need to install on their devices. Upon being installed, the malicious app will check for the existence of at least one targeted mobile banking platform and then will ask permission to install external packages leading to the trojan’s download in the device.
The external packages carrying the SharkBot trojan are being downloaded in the background.
Users are tricked into believing that the external packages downloaded in the background are only app updates after the initial malicious utility apps are installed. However, these external packages carried the banking trojan that would eventually execute attacks against the victims.
Based on experts’ analysis of the campaign, some apps posing as Android utility apps to spread the trojan were FileVoyager, Cleaner Booster, LiteCleaner, PhoneAID, and X-File Manager. The experts underline that it is not a new campaign seen from the SharkBot operators involving Google Play Store and impersonating apps to propagate the banking trojan.
Google, on the other hand, had executed actions to stop cyber criminals from residing in the application store platform, although it remained to be one of the most utilised locations for malicious actors to spread malware against victims.
In recent reports, security experts have also spotted four malicious apps on the Play Store impersonating legitimate applications and redirecting victims to attacker-controlled websites filled with info-stealers, adware, or banking trojans.
These apps include Bluetooth App Sender, Mobile transfer: smart switch, Bluetooth Auto Connect, and Driver: Bluetooth, Wi-Fi, USB. Millions of user downloads have been amassed by these apps since people installed them on their devices for their functions, not knowing the security threats that await them.
Because of Google Play Store’s broad reach of users, threat actors see this as an opportunity to target as many victims as possible. Once successfully entered the devices, the hackers can perform various malicious activities, such as stealing valuable data, spying, or robbing money.
Thus, all Android users worldwide must be cautious with which mobile applications they install, read the user reviews, and see if they are created by trusted app developers and not suspicious ones.
