Sharkbot is a banking trojan which is precisely the protagonist again these days, having been detected in new apps. And as you can imagine, she jeopardizes the bank accounts of the victims without them being aware, always carrying out the same modus operandi
“Hey, download this update. It’s not a trojan at all huh”
This very phrase could very well summarize the deception attempt of cybercriminals who add Sharkbot to their apps. But let’s go for the beginning according to the recent discovery that they have made since Bitdefender. For this we will tell you that There are four apps in which the Trojan has been found. And that without ever exceeding 15,000 downloads, they are already enough to be alert.
“X-File Manager”, “FileVoyager”, “Phone AID, Cleaner, Booster” and “LiteCleanr M” are such malicious apps. They are on Google Play and although it is noticeable that they are not the most popular, give the appearance of being trustworthy apps to manage files and even clean up and even speed up the performance of the mobile. And the truth is that at first they are reliable, since the Trojan is not included as standard.
Like other recently discovered apps, what these apps do is suggest downloading an update as soon as it is downloaded and in which the trojan is added. This update is carried out from non-Google servers and on some occasions they even offer an interface modeled on that of Google Play to give that appearance of reliability. But nothing could be further from the truth, since the aforementioned Sharkbot Trojan is included in the download process without the victim being aware.
Once the Trojan is already in the system, the app in question begins to request permissions that end up being the key to data theft. See the permission to read SMS with which to circumvent the two factor authentication of banking apps or access to passwords and theft of cookies. With all this, the cybercriminals behind it have full access to carry out monetary operations with the victim’s bank.
Luckily, if we can qualify it that way, this Trojan is still highly localized and not in Spain. Nevertheless, nothing indicates that it cannot be extended to more territories. Initially it was detected in apps aimed at the Italian public and now it has also been found in countries such as Germany, the United Kingdom, Algeria or Iran.
Therefore, you will have to follow the usual advice to avoid malware on Android. see always check number of downloads and ratings of Google Play apps, do not allow downloads from external servers that are not trustworthy and manage permissions well preventing apps from having unnecessary access to those that are more sensitive (accessibility, SMS reading, notifications, etc.).
Via | Tom’s Guide