Five malicious dropper Android apps with over 130,000 cumulative installations have been discovered on the Google Play Store distributing banking trojans like SharkBot and Vultur, which are capable of stealing financial data and performing on-device fraud.
“These droppers continue the unstopping evolution of malicious apps sneaking to the official store,” Dutch mobile security firm ThreatFabric told The Hacker News in a statement.
“This evolution includes following newly introduced policies and masquerading as file managers and overcoming limitations by side-loading the malicious payload through the web browser.”
Targets of these droppers include 231 banking and cryptocurrency wallet apps from financial institutions in Italy, the U.K., Germany, Spain, Poland, Austria, the U.S., Australia, France, and the Netherlands.
Dropper apps on official app stores like Google Play have increasingly become a popular and efficient technique to distribute banking malware to unsuspecting users, even as the threat actors behind those campaigns continually refine their tactics to bypass restrictions imposed by Google.
images from Hacker News