- Tram Ho
Unlike other easily detectable harmful apps that are slowly being phased out in the Google Play Store, virus software drops can disguise themselves as useful apps you’re used to seeing. But when the user updates this app, what is actually being installed is malware that runs in the background to get your banking information and personal data.
These banking Trojans act like a genuine app until you hit the “Update” button.
In a new blog post, Amsterdam-based computer support company Threat Fabric warns Android users about a new banking Trojan designed to steal login credentials, account numbers, and other financial information. your account and thereby help these thieves break into your bank account.
Just like the Greek horse of Troy, which was thought to be a gift to the city of Troy, is actually filled with Greek soldiers inside, the Trojan malware also deceives users by dressing up as of a legitimate application.
However, the report mentions that there is a new type of banking Trojan called Sharkbot that has a feature that helps users in Italy calculate their taxes. With over 10,000 installs, “Codice Fiscale” looks pretty reputable on the Play Store’s app listing. If opened on a device, this app checks whether the device’s SIM card is registered in which country. If it doesn’t match the Italian SIM code, no malicious behavior will occur.
If opened on a phone with an Italian SIM, the app will open a fake Play Store page with a bogus listing of “Codice Fiscale” and announce that the update is ready, which all users can will press. Although there are some browsers that can warn users about this dangerous action, phone owners can still feel safe because the app has been installed from the Google Play Store and continues to update.
What is actually loaded on the phone is the banking Trojan mentioned above. And if you think you’re safe from having your personal banking information stolen because you don’t live in Italy, then you need to rethink this thinking. Another app, “File Manager Small, Lite”, targets banking apps used in other countries such as the US, UK, Austria and Australia, Italy, Germany, Spain and Poland.
A Trojan named Vultur broken down into three different malware was also found in the Play Store: “Recover Audio, Images & Videos”, “Zetter Authentication”, and “My Finances Tracker”. The first app listed has over 100,000 installs. Vultur tracks all the actions and gestures of Android users on their phones. Similar to Sharkbot, this Trojan’s trick is to use a fake update to install malware on the user’s phone device.
Uninstall these five apps if they are already installed on your Android device
To combat these virus drops, we would normally recommend checking the comments section for signs of a malicious app. However, scammers regularly post fake reviews, and after installing one of these apps, you may see a bunch of fake reviews on the Google Play Store trying to convince you to update the software. . That way, the victim unwittingly gave them access to their phone.
Threat Fabric says it’s always trying to report these pieces of software in an effort to remove them from the app stores. But just because it was removed from the app store doesn’t mean it has been removed from your phone. So if you have one of these apps installed on your device, uninstall it immediately:
– Recover Audios, Images & Videos – 100,000 downloads
– Codice Fiscale 2022 – 10,000 downloads
– Zetter Authentication – 10,000 downloads
– File Manager Small, Lite – 1,000 downloads
– My Finances Tracker – 1,000 downloads
Threat Fabric adds: “This way of distributing banking Trojans on Android is very dangerous because the victim can remain unsuspecting for a long time and not notify the bank about suspicious transactions that are detected. implementation without their knowledge. Therefore, it is important for organizations to take measures to detect fraudulent applications and suspicious behavior taking place on customers’ devices.”
Source : Genk