Unlike malicious apps that are dripping with malware making it harder to get listed in the Google Play Store (but sadly not impossible), malware droppers look and behave like your garden-variety apps. But when these apps notify users that an update is ready, they are actually running malware in the background that picks up your banking information and other personal information.
Banking Trojans behave like legitimate apps until you tap the Update button
Fake Play Store listing prompts you to update this malware dropper that actually installs a banking Trojan
Nevertheless, the report mentions that this new banking Trojan is called Sharkbot and that a malware dropper would be an app to help users calculate their taxes in Italy. With over 10,000 installs, “Codice Fiscale” has an innocent-looking listing on the Play Store. When opened on a device, the app will check the country where the handset’s SIM card is registered. If it doesn’t match the code for Italy, no malicious behavior would happen.
Another banking Trojan, this one called Vultur, is distributed by three malware droppers that can also be found in the Play Store: “Recover Audio, Images & Videos”, “Zetter Authentication” and “My Finances Tracker”. The first listed app has over 100,000 installs. Vultur tracks all the taps and gestures of an Android user on his/her phone. Similar to Sharkbot, this trick uses a fake update to load the malware onto a handset.
Uninstall these five apps if they are installed on your Android phone
To combat these malware droppers, we normally recommend checking the comments section for red flags. However, attackers have been known to overload the comments section with fake reviews. And after installing one of these apps for the first time, you may see a fake Google Play Store listing with fake reviews trying to get you to tap the update button. The victim accidentally causes the malware to be loaded on his own phone.
ThreatFabric says it always reports malware droppers in an effort to get them removed from app stores. But just because an app has been removed from an app store doesn’t mean it’s been removed from your phone. So if you have any of these installed on your device, remove it immediately:
- Recover audio, images and videos – 100,000 downloads
- Codice Fiscal 2022 – 10,000 downloads
- Setter authentication – 10,000 downloads
- File Manager Small, Lite – 1,000 downloads
- My Finance Tracker – 1,000 downloads