Tech giant Google has issued further warnings about malicious software that is available to download from its Play Store. Whilst Google is fairly vigilant in its removal of such software, already there have been tens of thousands of downloads of the apps by users.
Discover our latest podcast
Security experts at Malwarebytes discovered the dangerous software listed on the Google Play store. The apps were loaded with malware that directed unwitting users to phishing websites, which would then collect the users' sensitive data, according to The Mirror.
Which apps?
Cybersecurity researchers from Bitdefender recently discovered the four latest malicious apps:
- X-File Manager
- FileVoyager
- PhoneAID, Cleaner Booster 2.6
- LiteCleaner M
These four apps were downloaded at least 16,000 times and were distributed by Sharkbot - a known banking trojan malware. TechRadar reports:
The apps are disguised as utility solutions - three are file management apps, while the fourth one is a memory and phone cleaning app. That way, the researchers suggest, the attackers were hoping not to raise suspicion when the apps start asking for all kinds of permissions.
How they work
Sharkbot operates by shadowing legitimate banking apps and then steals the user’s information when they log in and it is for this reason that they went undetected for so long. TechRadar reports:
It seems the apps managed to trick Google’s security checks by not actually delivering the malware upon installation. Rather, the app will trigger an ‘update’ at a later stage, which is when the trojan is deployed.
If you have any of these apps on your phone the first thing to do is to delete them. This will stop any further security breaches. However, it is then important to change any passwords to your banking accounts, as you are at risk until you do so.
To protect against any further attacks, it would be prudent to keep the Play Protect service enabled and an Android antivirus app active.
Sources used:
- The Mirror 'Google bans four more Android apps and millions warned to delete them now''
- TechRadar 'Malicious apps masquerade as Android file managers to spread malware'