Security News > 2022 > November > This Android File Manager App Infected Thousands of Devices with Sharkbot Malware
The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace's restrictions.
SharkBot, first discovered towards the end of 2021 by Cleafy, is a recurring mobile threat distributed both on the Google Play Store and other third-party app stores.
One of the trojan's primary goals is to initiate money transfers from compromised devices via a technique called "Automatic Transfer System", in which a transaction triggered via a banking app is intercepted to swap the payee account with an actor-controlled account in the background.
LiteCleaner M is still available for download from a third-party app store called Apksos, which also houses a fourth SharkBot artifact by the name "Phone AID, Cleaner, Booster".
The X-File Manager app, which is only accessible to users in Italy, attracted over 10,000 downloads before it was removed.
That's because Google's Developer Program Policy restricts the permission to install external packages to a handful of app categories: web browsers, instant messengers that support attachments, file managers, enterprise device management, backup and restore, and device transfer.
News URL
https://thehackernews.com/2022/11/this-android-file-manager-app-infected.html
Related news
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)
- New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (source)
- New Vo1d malware infects 1.3 million Android TV streaming boxes (source)
- New Vo1d malware infects 1.3 million Android streaming boxes (source)