Researchers have disproved a few new malicious Android apps hosted on the Play Store. These apps pose as harmless file managers and infect devices with the banking trojan. These apps do not carry any malicious code but fetch the malicious payload after the installation. In this way, they easily avoid detection by Google Play’s virus scanner.
Researchers from Bitdefender discovered these apps that load SharkBot after the installation on the device. These malicious apps disguise as file managers, so ask for permission to install external packages. This permission is used to download malware after the installation.
- X-File Manager by Victor Soft Ice LLC (10000+ downloads)
- FileVoyager by Julia Soft Io LLC (5000+ downloads)
- LiteCleaner M by LT Developer Groups (1000+ downloads)
Sharkbot is malware that steals online bank accounts by displaying phishing pages in banking apps. When users enter the credentials in the fake login pages, the credentials are sent to the attacker. The report also confirms that these apps are targeting users only in select countries including the United Kingdom, followed by Italy, Iran, and Germany.
The report confirmed that these malicious apps have been removed from the Play Store. But users who already installed the devices are at the risk. If you have any of these apps installed on your phone, remove them now. These apps are also available across different third-party stores.
