A new banking Trojan was created to steal your login information, account number, and other financial details that could aid attackers in stealing your hard-earned money. Trojan malware, like the Greek Trojan Horse, ambushes users by masquerading as a legitimate app. These apps alert the user that an update is available, but what is installed is malware that runs in the background.
According to the report, this new banking Trojan is known as Sharkbot, and one of its malware droppers posed as an app that would help users calculate their taxes in Italy. “Codice Fiscale” has over 10,000 installs and an innocuous-looking listing in the Play Store. When the app is launched on a device, it verifies the country where the handset’s SIM card is registered. If that does not match the code for Italy, the app shows no malicious behaviour.
When launched on a phone with an Italian SIM card, the app displayed a bogus Play Store page with a listing for “Codice Fiscale.” This bogus listing also indicated that an update for the app was available, which all users would most likely tap on. While some browsers may notify the user about the update, the phone’s owner may be reassured by the fact that the app was downloaded from the Google Play Store and proceed with the update.
What was actually loaded onto the phone was the banking Trojan mentioned above. And if you think you’re safe from having your personal information stolen from your banking app because you don’t live in Italy, think again. Another dropper app, “File Manager Small, Lite,” targets banking apps used in other countries, including the United States, United Kingdom, Austria, and Australia, as well as Italy, Germany, Spain, and Poland.
Another banking Trojan, Vultur, has been spread by three malware droppers that can also be found in the Play Store: “Recover Audio, Images, and Videos,” “My Finances Tracker,” and “Zetter Authentication.” The first app on the list has over 100,000 downloads. Vultur records all taps and gestures performed by an Android user on his or her phone. This is similar to Sharkbot.
If you have these five apps installed on your Android phone, uninstall them.
To combat these malware droppers, we usually recommend scanning the comment page for red flags. Attackers, on the other hand, have been known to flood the comment thread with fake reviews. After installing one of these apps, you may be shown a phoney Google Play Store listing with phoney reviews, designed to get you to click the update button. By doing so, the victim inadvertently allows the malware to load onto his own phone.
ThreatFabric says it always reports malware droppers in an attempt to have them removed from app stores. However, just because an app has been removed from an app store does not mean it is no longer available.
Recover Audio, Images, and Videos – 100,000 downloads
Codice Fiscale 2022 – 10,000 downloads
Zetter Authentication – 10,000 downloads
File Manager Small, Lite – 1,000 downloads
My Finances Tracker – 1,000 downloads
ThreatFabric adds, “This method of spreading Android banking Trojans is extremely dangerous because victims may remain unsuspecting for an extended period of time and may fail to warn their bank about suspicious transactions done without their knowledge. As a result, it is critical that organisations take steps to detect malicious apps and their payloads, as well as suspicious behaviour on a customer’s device.”