It seems that Android continues to make news due to the presence of malicious apps in its app store.
This time it is a new group of apps that present themselves as file managers and that are used as a front to infiltrate the banking Trojan sharkbot on mobile devices.
It is worth mentioning that, unlike other apps with malicious content, they do not carry the virus with them when they are installed, but rather after completing this process, when they a recovery process using a remote resource.
And although these applications have already been removed from the Play Store, it is likely that you have some of them installed on your smartphone, and they are still available available in third party stores.
What is Sharkbot?
Sharkbot is a malware that acts stealing bank accounts online through false login forms that deceive the user, making them enter their account access data and then seize it and empty it.
Since malicious apps infiltrate as file managers, they do not arouse any suspicion in the user, who ends up granting the permissions required to exercise its action and release the malware on the smartphone system.
Over time, Sharkbot has evolved in different ways, in the past posing as antivirus or cleaning tools to infiltrate victims’ mobile devices.
However, this time the malware has returned in the form of these four file management apps:
- X File Manager
- FileVoyager
- LiteCleaner M’
- Phone AID Cleaner Booster 2.6′
In the case of X File Managerthis app was downloaded a total of 10 thousand times from the Play Store, and it has also been reviewed with a large number of negative comments.
Moving to the next named app File Voyager this was downloaded a total of 5 thousand times. Next on this list is LiteCleaner M’ with over a thousand downloads, just like Phone AID, Cleaner, Booster 2.6′.
In the same way that it has happened with other applications infected with Sharkbot, these do anti-emulation checks to avoid detection.
After this, the malware is loaded onto the SIM card of the mobile device, but with the particularity of applying this only on SIM cards present from UK and Italyso at the moment the attacks seem to be specifically focused on users in these regions.
However, it never hurts to check your phone and see if you have any of these malicious apps installed, so remove them and change your bank account passwords as a precaution.
