SharkBot Trojan Spread Via Android File Manager Apps

Cybercrime as-a-service
Fraud Management & Cybercrime

Now-Removed Apps Have 10K Downloads, Target Victims in the UK, Italy

SharkBot Trojan Spread Via Android File Manager Apps

The operators behind banking Trojan SharkBot are targeting Google Play users by masquerading as now-deactivated Android file manager apps and have tens of thousands of installations so far.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

Cybersecurity firm Bitdefender says it found applications on Google Play store disguised as file managers and acting “as droppers for SharkBot bankers shortly after installation, depending on the user’s location.”

“The Google Play Store would likely detect a trojan banker uploaded to their repository, so criminals resort to more covert methods. One way is with an app, sometimes legitimate with some of the advertised features, that doubles as a dropper for more insidious malware,” Bitdefender researchers say.

The apps uncovered by Bitdefender are disguised as file managers and require permission to install external packages, leading to malware downloading.

“As Google Play apps only need the functionality of a file manager to install another app and the malicious behavior is activated to a restricted pool of users, they are challenging to detect,” researchers say.

However, the apps are removed for now, and researchers warn that they are still present across the web in different third-party stores, making them a current threat.

Users primarily from…