Image Source: Cybercrime Magazine
Introduction
ThreatFabric analysts have spotted five malicious Android apps on the Google Play Store distributing banking trojans. In a recent report, ThreatFabric unveils five dropper apps with over 130k+ installations that distribute banking trojans like—Sharkbot and Vultur that can steal financial data from the user's phone.
In this post, we’ll go through the report of ThreatFabric and explain to you the banking trojans like—Sharkbot and Vultur. We’ll also give you the five Android apps that can threaten your bank accounts. So, without any further ado, let’s get started.
The Sharkbot
ThreatFabric spotted this campaign of banking Trojan called the Sharkbot at the beginning of October 2022. Two harmless-looking dropper apps—Codice Fiscale 2022 and File Manager Small were on the Play Store delivering Sharkbot on victims' mobile.
The Codice Fiscale 2022 had over 10k+ installations and was disguised as an app to calculate tax codes in Italy. This malicious Android app prompts the user to install a fake update that installs the Sharkbot. Interestingly, to avoid using REQUEST_INSTALL_PACKAGES permission, the dropper opens a fake Google Play store page with fake information and reviews to urge the victim to perform an update.
The other app, File Manager Small had zero installations. However, it had broad targets including banks from Italy, the UK, Germany, Spain, Poland, Austria, the US, and Australia.
The Vultur
“Vultur is an Android banking trojan that specializes in stealing PII from infected devices using its screen-streaming capabilities. It is also able to create a remote session on the device using VNC technology to perform actions on the victim’s device, effectively leading to On-Device Fraud (ODF).”
ThreatFabric spotted three new Droppers—My Finances Tracker, Zetter Authentication, and Recover Audio, Images & Videos on the Google Play store, ranging from 1,000 to 100,000. These apps delivered Vultur malware on victims' phones with features like UI logging, recording clicks, gestures, and all actions taken by the victim on the device.
Five Android Apps That Can Threaten Your Bank Accounts
- Recover Audio, Images & Videos: 100,000 downloads
- Codice Fiscale 2022: 10,000 downloads
- Zetter Authentication: 10,000 downloads
- File Manager Small, Lite: 1,000 downloads
- My Finances Tracker: 1,000 downloads
Conclusion
ThreatFabric continuously identifies and reports malicious droppers to remove them from official stores. But, if you have already installed these apps, you should immediately delete them.
Source: ThreatFabric/Bleeping Computer
-original.webp)
-original.webp)
-original.webp)
-original.webp)
-original.webp)
