Android malware: beware, this file manager contains a virus

Bitdefender researchers warn that a rogue Android file manager is currently circulating on the Google Play Store. It contains the SharkBot malware and seems to be spreading particularly in the UK, Romania and Italy. SharkBot was discovered by cybersecurity experts at Cleafy in 2021; its main purpose is to steal money via a technique called Automatic Transfer System (ATS).

ATS consists of intercepting transactions made by a banking application and discreetly replacing the recipient account with a bank account controlled by hackers. Another function of the virus is to place “overlays” on top of banking login pages. Once the user enters their credentials, the credentials are transmitted to the hackers.

Android: we must now also be wary of applications on the Google Play Store…

Before it was discovered in an Android file manager, SharkBot had already been spotted in other droppers, such as fake antivirus apps or maintenance apps. Here is the list of applications that may infect your Android smartphone with SharkBot. All the apps in question have since been removed from the Google Play Store:

  • X-File Manager (com.victorsoftice.llc)
  • FileVoyager (com.potsepko9.FileManagerApp)
  • LiteCleaner M (com.ltdevelopergroups.litecleaner.m)

To give you an idea, X-File Manager has been downloaded over 10,000 times, while FileVoyager has over 5,000 downloads and LiteCleaner M has 1,000 downloads. To bypass Google’s defenses on the Play Store (all applications undergo an antivirus scan), the hackers built these apps as “droppers”.

When initially uploaded to Google’s servers, the apps do not actually contain any malicious code. But they contain an agent that allows them to download code from the internet and run it after installation. To prevent abuse, Google is increasingly restricting the ability for apps to download code.

Now only web browsers, email apps that support sending files, file managers, enterprise device fleet management apps, backup apps, and settings and data transfer apps have this ability. This makes it easier to understand why the hackers chose two file managers to propagate their attack.

Of course, if any of the aforementioned apps are on your Android smartphone, it is highly recommended to uninstall them immediately. Some of these infected applications may still be available on alternative stores, including Apksos. For now, the malicious campaign does not seem to be targeting France, but that could change in the coming weeks.
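A quick way to check a device against the three package IDs listed above, as an added example that is not part of the original article. It assumes `adb` with USB debugging enabled for live use; the sample inventory, including the near-miss `com.victorsoftice.llc.pro`, is constructed.

```shell
#!/bin/sh
# Added example. Package IDs are the three dropper apps named in the article.
SHARKBOT_DROPPERS='com.victorsoftice.llc
com.potsepko9.FileManagerApp
com.ltdevelopergroups.litecleaner.m'

# Reads `pm list packages` output on stdin and prints every installed
# package whose ID is exactly one of the listed droppers.
find_sharkbot_droppers() {
    # adb output may carry CR line endings, so strip them first, then drop
    # the "package:" prefix. -x -F forces whole-line, literal matching, so
    # a longer ID sharing a prefix, or a "." treated as a regex wildcard,
    # cannot produce a false hit. "|| true" keeps "no match" from being
    # treated as a script error.
    tr -d '\r' | sed -n 's/^package://p' \
        | grep -x -F -e "$SHARKBOT_DROPPERS" || true
}

# Constructed sample of `adb shell pm list packages` output (not real data).
sample_inventory() {
    printf 'package:com.android.chrome\r\n'
    printf 'package:com.potsepko9.FileManagerApp\r\n'
    printf 'package:com.victorsoftice.llc.pro\r\n'   # constructed near-miss
    printf 'package:com.ltdevelopergroups.litecleaner.m\n'
}

# On a real device, feed live data instead of the sample:
#   adb shell pm list packages | find_sharkbot_droppers
# and remove any hit with:
#   adb uninstall <package-id>
hits=$(sample_inventory | find_sharkbot_droppers)
if [ -n "$hits" ]; then
    printf 'Listed dropper(s) installed, uninstall them:\n%s\n' "$hits"
else
    echo 'None of the listed droppers found.'
fi
```

Removing the dropper does not undo credentials or transfers already captured, so a hit should also prompt a password change and a review of recent bank transactions.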

To protect yourself, effective antiviruses exist for Android smartphones. Bitdefender, as well as Norton 360 and McAfee, offers security applications capable of detecting threats in real time, removing them, and even protecting you against advanced threats such as phishing.
