The SharkBot trojan made a comeback in a new campaign targeting Android users. Distributed via Google Play Store, the Android malware targeted users in the U.K. and Italy.

More details 

According to Bitdefender researchers, the trojan masqueraded as Android utility apps that were installed thousands of times.
  • Once downloaded, the apps checked for at least one of the targeted banking apps before asking for permission to install external packages that caused the download of the malware.
  • While the fake apps installed the SharkBot sample in the background, the user was tricked into thinking that an update to the app was being downloaded.
  • Some of the targeted apps were X-File Manager, FileVoyager, LiteCleaner, PhoneAID, and Cleaner Booster.
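
The behaviour described above (checking for specific banking apps, then asking for permission to install external packages) leaves traces in an app's manifest. The following triage sketch is an added example, not code from the article or from the Bitdefender research. It assumes the checks surface as the standard `REQUEST_INSTALL_PACKAGES` permission and `<queries>` / `QUERY_ALL_PACKAGES` package-visibility declarations in a decoded `AndroidManifest.xml`; the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
INSTALL = "android.permission.REQUEST_INSTALL_PACKAGES"
QUERY_ALL = "android.permission.QUERY_ALL_PACKAGES"

# Constructed watch list: package names of apps an organisation cares about.
WATCHED = {"com.example.bank", "com.example.creditunion"}

def triage_manifest(manifest_xml, watched=WATCHED):
    """Summarise sideload and app-probing capability of a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    # Android 11+ apps must declare which other packages they want to see.
    queried = {p.get(NAME) for q in root.findall("queries")
               for p in q.findall("package")}
    probed = sorted(queried & set(watched))
    can_install = INSTALL in perms
    query_all = QUERY_ALL in perms
    return {
        "can_install": can_install,
        "probed": probed,
        "query_all": query_all,
        # Combination seen in droppers: looks for target apps AND can sideload.
        "dropper_pattern": can_install and (bool(probed) or query_all),
    }

# Constructed sample: a "file manager" that probes for a bank app and can sideload.
SAMPLE_DROPPER = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filetool">
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <queries><package android:name="com.example.bank"/></queries>
  <application/>
</manifest>"""

# Constructed sample: a utility with network access only.
SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("dropper-like", SAMPLE_DROPPER), ("benign", SAMPLE_BENIGN)):
        print(label, triage_manifest(xml))
```

A match is a triage signal rather than a verdict: legitimate file managers can also request the install permission, so flagged apps still need manual review.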

Previous attack incident

This is not the first time SharkBot operators have used the Google Play Store to infect users.
  • In September, an improved version of SharkBot infiltrated the store via two malicious apps that had been downloaded over 60,000 times globally.
  • The two malicious apps were tracked as Mister Phone Cleaner and Kylhavy Mobile Security and the campaign affected users in Spain, Austria, Germany, Poland, and the U.S.
  • The updated features included the ability to detect the action of a victim opening a banking application and performing an overlay attack to steal credentials. 


Google Play Store remains a go-to attack vector

Despite the repeated actions taken by Google to remove malicious apps, the official Play Store app remains a go-to attack vector for cybercriminals.
  • Recently, Malwarebytes uncovered a set of four malicious Android apps on the Google Play Store, redirecting victims to infectious websites that dispersed adware and information-stealing malware. 
  • The apps—Bluetooth Auto Connect; Driver: Bluetooth, Wi-Fi, USB; Bluetooth App Sender; and Mobile transfer: smart switch—had collectively amassed at least a million downloads before being removed.  
  • In a different incident, the Play Store removed 16 apps propagating Clicker. The Android malware had infected over 20 million users. 

Bottom line

Android malware infection via the Google Play Store remains a significant security concern owing to its potential to reach as many victims as possible. Therefore, users are advised to check the reviews before installing apps or to monitor the apps for malicious activity.
Cyware Publisher