Although these fake apps have been removed from the app store, they may still be present on the devices of users who downloaded and installed them. As shown in the screenshot below, thousands of Android users have downloaded this malicious app.
File management apps on Android may steal users' information.
According to Bleeping Computer, the SharkBot malware attempts to steal users' bank accounts by displaying fake login forms over the legitimate login prompts of banking apps. If users enter their login names and passwords into the fake form, this information is sent to cybercriminals, who can then use it to access users' bank accounts and steal their money.
Previously, as reported by Mytour.vn in September, SharkBot was distributed disguised as a phone cleanup app. However, it seems that the threat actors have now shifted their focus to new disguises, such as file management apps. X-File Manager is one such app; it had over 10,000 downloads and has now been removed from the Google Play Store.
After users download and install the app, SharkBot requests various permissions, including reading and writing external storage, installing and uninstalling packages, and accessing account information. Because this is a file management app, users see nothing suspicious and grant access.
Finally, the app will download malicious payloads and prompt users to install an update. In reality, users are installing the SharkBot malware without their knowledge.
These campaigns target specific users in the United Kingdom and Ireland, as well as banks such as Barclays, Bank of Ireland Mobile Banking, Santander Mobile Banking, and HSBC UK Mobile Banking.
Other apps used by cybercriminals to distribute malware include 'FileVoyager', 'Phone AID, Cleaner, Booster', and 'LiteCleaner M'. Users are advised to uninstall these apps as soon as possible.
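To check a device for apps that request the permission set described above, the following added example (not from the article or from Bleeping Computer) parses text in the layout of `adb shell dumpsys package` and flags packages that request storage, package-install and account permissions together. The mapping from the article's wording to Android permission names is an assumption, and the package names in the sample are constructed.

```python
import re

# Assumed mapping from the article's wording to Android permission names.
RISKY_GROUPS = {
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.WRITE_EXTERNAL_STORAGE"},
    "package_install": {"android.permission.REQUEST_INSTALL_PACKAGES",
                        "android.permission.REQUEST_DELETE_PACKAGES"},
    "accounts": {"android.permission.GET_ACCOUNTS"},
}

# Constructed sample in the layout of `adb shell dumpsys package` output.
SAMPLE = """\
  Package [com.example.filemanager] (1a2b3c):
    requested permissions:
      android.permission.WRITE_EXTERNAL_STORAGE
      android.permission.REQUEST_INSTALL_PACKAGES
      android.permission.GET_ACCOUNTS
    install permissions:
      android.permission.WRITE_EXTERNAL_STORAGE: granted=true
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.READ_EXTERNAL_STORAGE: restricted=true
"""

def parse_requested(text):
    """Map each package to the set of permissions it requests."""
    apps, pkg, in_req = {}, None, False
    for line in text.splitlines():
        header = re.match(r"\s*Package \[([\w.]+)\]", line)
        perm = re.fullmatch(r"\s+([\w.]+)(?::.*)?", line)
        if header:
            pkg, in_req = header.group(1), False
            apps[pkg] = set()
        elif line.strip() == "requested permissions:":
            in_req = True
        elif in_req and pkg and perm:
            apps[pkg].add(perm.group(1))
        else:
            in_req = False  # any other line ends the requested-permissions list
    return apps

def flag_risky(apps, allowlist=()):
    """Report packages that request a permission from every risky group."""
    findings = {}
    for pkg, perms in apps.items():
        hit = sorted(g for g, names in RISKY_GROUPS.items() if perms & names)
        if len(hit) == len(RISKY_GROUPS) and pkg not in allowlist:
            findings[pkg] = hit
    return findings
```

Legitimate file managers and app stores can request the same combination, so treat a hit as a prompt to review where the app came from, and pass known-good packages in `allowlist`.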