Android: these apps distribute banking Trojans… and have already been massively installed


Alexandre Fiannaca

November 07, 2022 at 4:54 p.m.


banking app hack © Shutterstock


The SharkBot and Vultur trojans are back in the Android Play Store. Distributed via five infected applications, these Trojans aim to steal your banking information.

Identified by researchers at cybersecurity firm ThreatFabric, the affected apps compromise the security of Android smartphones and tablets, and allow hackers to siphon banking information. 231 financial institutions are targeted in France, but also in Germany, Spain and Italy.

Seemingly harmless

As is often the case, this malware hides in everyday applications: file managers, budget trackers, code generators for two-factor authentication… Here is the list of the five applications carrying this malware:

  • Tax Code 2022
  • File Manager Small, Lite
  • My Finance Tracker
  • Recover Audio, Images & Videos
  • Zetter Authenticator

All of them were functional and available on Google's well-known application store, and they have recorded thousands of downloads: more than 100,000 for Recover Audio, Images & Videos, more than 10,000 for Zetter Authenticator or Codice Fiscale, and 1,000 for My Finances Tracker.

As of this writing, most have been removed, but Zetter remains available for download.

Google security bypassed

While Google’s security rules for developers continue to tighten, hackers do not lack imagination in reaching their targets. The applications slip through the cracks by using sideloading, which consists of installing installation packages via a web page outside the application store. For example, crooks can get the user to open a fake Google Play Store page under the pretext of an update, and obtain advanced rights on the device to bypass restrictions or to install keyloggers.

“Once these applications are functional, hackers adhere to new security policies, impersonating file managers, and circumvent limitations […],” explain the experts at ThreatFabric. “These are practices accessible and usable on a large scale,” they add.

According to the company specializing in mobile security, these methods can quickly reach many users. While Cyble has just announced the discovery of a new version of the Drinik Trojan Horse, the arsenal for targeting Android is well and truly complete.

Sources: The Hacker News, ThreatFabric


