Not a week goes by without malicious apps being reported on the Play Store. Today, it is the security software publisher Bitdefender which alerts on four Android applications to be uninstalled urgently.
Seemingly innocuous, these fake cleaner and file manager apps have infiltrated the Android app store, infecting users with the Sharkbot banking trojan. Now removed from the Play Store, they remain installed on the devices of many users.
Real Fake Android File Managers
In order not to arouse suspicion and slip through the cracks of Google’s net, the four applications arrive on the Play Store being perfectly legitimate. Understand by this that the malicious payload is not present at the launch of the application, but downloaded remotely in a second time. An effective and unfortunately well-known method for hackers to install a Trojan horse.
Here, the operation is all the more sneaky as the permissions requested from the user are quite common… for file manager applications: reading and writing external storage, installing and deleting new files, etc. Perfect for not attracting suspicion.
Once the Sharkbot payload is installed, the software attempts to steal money through another well-known trick: displaying fake login forms on top of legitimate banking apps. After filling in the fake form, the hackers can save this data and use it to siphon off your account as they please.
Four apps removed from the Play Store
The first application, named “X-File Manager”, is published by Viktor Soft Ice LLC. Unfortunately, it has been downloaded over 10,000 times. To download and install the Sharkbot Trojan, the application prompts the user to approve a fake update. The second file manager app is called “FileVoyager” by Julia Soft Io LLC. The latter has been downloaded 5,000 times on the application store. The process used is the same as for the first application.
Read also : 3 Android applications siphon your personal data without your knowledge
The two others malware impersonate cleaning applications: “LiteCleaner M” (1,000 downloads) and “Phone AID, Cleaner, Booster 2.6”. Banks targeted by this banking trojan are mainly located in UK, Italy, Iran and Germany. Bitdefender has published a complete list of banking institutions, while reminding that hackers can update it at any time.
If you have one of these apps on your phone, uninstall it immediately. The best solution to protect yourself is to keep the Play Protect service activated on your smartphone and read user reviews before downloading a new application. Using an antivirus for Android is also an option to strengthen the security of your devices.