In case you missed it, cybersecurity firm ThreatFabric published a report last Friday on the discovery of five malicious Google Play apps masquerading as legitimate services, including financial tracking and tax calculations.
The quintet of apps falls under two relatively new malware families: Vultur and Sharkbot. And yes, they’re just as fierce as they sound (h/t GreenBot).
Five apps you must remove ASAP
Let’s start with a trio of malicious apps that hail from the evil Vultur family: My Finance Tracker: Budget, C, Zetter Validator and Restore Audio, Image & Video. The three apps attracted 1,000+, 10,000+ and 100,000+ downloads respectively.
You might be wondering, “What exactly is Vultur malware?” According to a cybersecurity report, Vultur was first discovered in July 2021. It is an Android banking trojan that steals personally identifiable information (PII) by recording your screen.
“It is also capable of creating a remote session on the device using VNC technology to perform actions on the victim’s device, effectively leading to On-Device Fraud (ODF),” the ThreatFabric report said.
Interestingly, ThreatFabric discovered a new modus operandi related to the three Vultur-injected Google Play apps mentioned above. Not only do they rely on screen streaming to steal information from unwitting victims, but they also use accessibility logging. In other words, the trio of apps can track your gestures and taps to snoop on your data.
If that wasn’t creepy enough, ThreatFabric also revealed its findings on two applications under the Sharkbot malware family: Fiscal Code 2022 and File Manager, Lite. The former app targets Italian users, while the latter targets Italian and UK users. However, ThreatFabric warns that Android users should not get too comfortable.
“Shipped load [from Codice Fiscale 2022 and File Manager, Lite] still has banks from Italy, the UK, Germany, Spain, Poland, Austria, the US and Australia on its target list,” the report said.
What’s scary about this new iteration of Sharkbot is that, unlike previous campaigns, this one slips under the radar more easily because it doesn’t prompt users to accept dubious permissions.
Once Sharkbot gets its fins on a device, it can steal a user’s banking account credentials and even slip through multi-factor authentication barriers. Despite Google’s changing policies and security, dangerous malware still finds ways to wiggle its way into the Play Store.
“Google Play remains the most ‘affordable’ and scalable way to reach victims for most actors of different levels,” ThreatFabric concluded.