Remove these 3 malicious Android apps ASAP because they steal your banking information

News Summary:

  • In case you missed it, cybersecurity firm ThreatFabric published a report last Friday on its discovery of five malicious Google Play apps posing as legitimate services, such as finance trackers and tax calculators.

  • Hackers will stop at nothing to steal your hard-earned money.

The five apps fall under two relatively new malware families: Vultur and Sharkbot. And yes, they are just as nasty as they sound.

The five apps you should remove as soon as possible:

Let’s start with the malicious trio of apps that stem from the rogue Vultur family:

  • My Finances Tracker: Budget, C (1,000+ downloads)

  • Zetter Authenticator (10,000+ downloads)

  • Recover Audio, Images & Videos (100,000+ downloads)

You may be wondering, “What exactly is Vultur malware?” According to the cybersecurity report, Vultur was first discovered in July 2021. It is an Android banking trojan that steals personally identifiable information (PII) by recording your screen.

“It is also capable of creating a remote session on the device using VNC technology to perform actions on the victim’s device, effectively leading to On-Device Fraud (ODF),” according to the ThreatFabric report.

Interestingly, ThreatFabric discovered a new, disturbing modus operandi among the three Vultur-carrying Google Play apps mentioned earlier. Not only does Vultur rely on screen streaming to steal information from unwitting victims, but it also uses accessibility logging. In other words, the three apps can track your gestures and taps to spy on your data.

As if that wasn’t scary enough, ThreatFabric also revealed its findings on two apps from the Sharkbot malware family: Codice Fiscale 2022 and File Manager, Lite. The first app targets Italian users, while the second targets Italian and British users. However, ThreatFabric warns that Android users should not get too comfortable.

“The delivered payload [of Codice Fiscale 2022 and File Manager, Lite] still has banks from Italy, UK, Germany, Spain, Poland, Austria, US and Australia in its target list,” the report said. The frightening thing about this new version of Sharkbot is that, unlike previous campaigns, it slips under the radar more easily because it does not ask users to accept suspicious permissions.

When Sharkbot puts its fins on a device, it can steal users’ banking information and even slip through the barriers of multi-factor authentication. Despite Google’s policies and security changes, dangerous malware still finds its way to the Play Store. “Google Play still remains the most ‘affordable’ and scalable way to reach victims for most actors of different levels,” concludes ThreatFabric.