Unlike rogue apps that are loaded with malware, making it harder to get listed in the Google Play Store (but not impossible, unfortunately), malware droppers look and act like your backyard apps. But when these apps notify users that an update is ready, what is actually installed is malware running in the background that grabs your banking information and other personal data.
Banking Trojans Act Like Legit Apps Until You Hit the Update Button
Fake Play Store listing asks you to update this malware dropper that actually installs a banking trojan
Nevertheless, the report mentions that this new banking Trojan is called Sharkbot and a malware dropper claims to be an application to help users calculate their taxes in Italy. With over 10,000 installs, “Codice Fiscale” has an innocent-looking listing in the Play Store. If opened on a device, the application checks the country in which the handset’s SIM card is registered. If it didn’t match Italy’s code, no malicious behavior would take place.
Another banking Trojan, this one called Vultur, was delivered by three malware droppers also found in the Play Store: “Recover Audio, Images & Videos”, “Zetter Authentication”, and “My Finances Tracker”. The first app listed has over 100,000 installs. Vultur keeps track of all taps and gestures performed by an Android user on their phone. Similar to Sharkbot, this scheme uses a fake updater to load the malware onto a handset.
Uninstall these five apps if they have been installed on your Android phone
To combat these malware droppers, we normally suggest checking the comments section for red flags. However, attackers have been known to load the comments section with fake reviews. And after the initial installation of any of these apps, you might see a fake Google Play Store listing with fake reviews in an attempt to make you hit the update button. The victim himself inadvertently causes the malware to load on his own phone.
ThreatFabric says it always flags malware droppers in an effort to get them removed from app stores. But just because an app is removed from an app store doesn’t mean it’s been removed from your phone. So, if any of these are installed on your device, uninstall it immediately:
- Recover audio, images and videos – 100,000 downloads
- Tax Code 2022 – 10,000 downloads
- Zetter authentication – 10,000 downloads
- File Manager Small, Lite – 1,000 downloads
- My Finances Tracker – 1,000 downloads