These applications bypass the security measures of the Google Play Store and seem simple. But dangerous Trojans lurk behind them.
Munich: Many people do their banking with their smartphone. To do this, download the apps from providers like savings bankVolksbank or N26 down. But these apps aren’t always what they claim to be. Cybercriminals are increasingly using the growing popularity of this form of banking for their purposes.
Two Malware Campaigns Detected: Discreet Dropper App Download Trojans
I like online magazine technology book Criminals reportedly use so-called dropper apps to install malware on smartphones. These applications can be opened normally from the Google Download PlayStore. The user does not suspect either, since the app fulfills its mission. Only when the dropper app requests an update and the user agrees, malware is installed, for example Trojans that transmit account data stored on the smartphone to criminals.
In a blog post published in October 2022, the Dutch cybersecurity company ThreatFabric reports on two major campaigns using five dropper apps to smuggle the “Vultur” and “Sharkbot” Trojans onto smartphones.
Malware “Vultur”: Data theft through keylogging
“Vultur” discovered ThreatFabric in July 2021. The malware steals personal data through keylogging. This means that the malware can read the inputs on the smartphone screen, for example the banking app password, and forward them to the criminals. The malicious program is even capable of launching a remote session and thus performing actions on the devices.
ThreatFabric recently found three new dropper apps for “Vultur” on the Google Play Store, achieving between 1,000 and 100,000 downloads. These are the following applications:
- tracker of my finances
- Zetter Authentication
- Recover audio, images and videos
“Sharkbot” Malware – Installed via Fake Google Play Store Page
It was not until early October 2022 that ThreatFabric detected a new campaign with the “Sharkbot” Trojan. Criminals use apps for this.
- Tax Code 2022
- File Manager Small, Lite
Codice Fiscale addresses smartphone owners in Italy. The app, which has been downloaded more than 100,000 times, is used to calculate taxes. The skill of the programmers is shown in the fact that the application checks if the SIM card registered in Italy. Otherwise, Sharkbot will not download. On the other hand, if an Italian SIM card is detected, a fake Google Play Store page is opened, through which the Trojan is installed on the smartphone instead of an update. The “Sharkbot” then tries to access data from banking apps on the smartphone.
The procedure is identical for the second application “File Manager Small, Lite”. However, the app is aimed at an international clientele, including users from Germany.
Security against Trojans: dangerous applications must be removed immediately
All five apps have since been removed from the App Store. other dangerous applications before. If you have already installed them on your smartphone, you should remove them immediately. This is the only way to avoid the risk of becoming a victim of fraud.