Security News > 2022 > November > This Android File Manager App Infected Thousands of Devices with Sharkbot Malware

The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions.

SharkBot, first discovered towards the end of 2021 by Cleafy, is a recurring mobile threat distributed both on the Google Play Store and other third-party app stores.

One of the trojan's primary goals is to initiate money transfers from compromised devices via a technique called "Automatic Transfer System", in which a transaction triggered via a banking app is intercepted to swap the payee account with an actor-controlled account in the background.

LiteCleaner M is still available for download from a third-party app store called Apksos, which also houses a fourth SharkBot artifact by the name "Phone AID, Cleaner, Booster".

The X-File Manager app, which is only accessible to users in Italy, attracted over 10,000 downloads before it was removed.

That's because Google's Developer Program Policy restricts the permission to install external packages to a handful of app categories: web browsers, instant messengers that support attachments, file managers, enterprise device management, backup and restore, and device transfer.

News URL

https://thehackernews.com/2022/11/this-android-file-manager-app-infected.html