Some apps bypass security in the Google Play Store. They look inconspicuous, but behind them lie dangerous Trojans.
Munich / Dortmund – Many people do their banking with their smartphones. To do this, they download applications from providers such as Sparkasse, Volksbank or N26. But these apps are not always what they claim. As cybercriminals are increasingly using the growing popularity of this type of banking for their own purposes, Merkur.de reports.
The bank account is in danger: these apps should be deleted from your smartphone immediately
Like an e-magazine technology book According to the report, criminals use so-called dropper apps to install malware on smartphones. These apps can be downloaded from the Google Play Store as usual.
The user also does not suspect, because the application fulfills its purpose. Only when the Dropper app requests an update and the user agrees to install malware, for example Trojans that pass on account data stored on the smartphone to criminals (more digital news in RUH24).
In a blog post published in October 2022, Dutch cybersecurity firm ThreatFabric reported two major campaigns using five dropper apps to smuggle Trojans “Vultur” and “Sharkbot” on smartphones.
Banking apps have become a trap – up to 100,000 downloads in the Google Play Store
ThreatFabric was discovered by “Vultur” back in July 2021. The malware steals personal data via keylogging. This means that the malware can read the entries on the smartphone screen, for example the password for a banking app, and redirect them to the criminals. The malware is even able to start a remote session and thus perform actions on the devices.
Recently, ThreatFabric found three new dropper apps for “Vultur” on the Google Play Store, which have garnered between 1,000 and 100,000 downloads. These are the following applications:
- track my money
- Zetter authentication
- Restore audio, photos and videos
Some apps bypass security in the Google Play Store. You have already been downloaded 100,000 times.
© Cavan Images / Imago
My Finances Tracker or File Manager Small: Deleting apps for sure – Trojan risk
It wasn’t until the beginning of October 2022 when ThreatFabric discovered a new campaign with the “Sharkbot” Trojan. Criminals use apps for this:
- Code Fiscale 2022
- File manager small, lite
Codice Fiscale is aimed at smartphone owners in Italy. The app, which has been downloaded more than 100,000 times, is used to calculate taxes. The fact that the app checks if the SIM card is registered in Italy shows how smart the programmers work.
If not, Sharkbot will not be downloaded. On the other hand, if an Italian SIM card is detected, a fake Google Play Store page opens, through which the Trojan is installed on the smartphone instead of the update. Then Sharkbot tries to access the data from the banking apps on the smartphone.
The procedure is similar to the second application “File Manager Small, Lite”. However, the app is aimed at international customers, including users from Germany.
Security against Trojans on the smartphone: dangerous apps must be deleted immediately
The five apps have since been removed from the App Store, like the other dangerous apps that came before it. If you have already installed it on your smartphone, you should delete it immediately. Only then is the risk of becoming a victim of fraud avoided.
Theme list image: © Cavan Images / Imago
