These two dangerous Trojan ‘dropper’ Android apps have already been installed thousands of times


A new and fairly successful campaign to deliver Trojans to Android users was discovered by cybersecurity researchers at Threat Fabric.

The experts warn that since Google made updates to its Developer Program Policies, threat actors are looking for new ways to deliver malware through the Play Store while staying under the radar.

This new campaign spans multiple droppers, with more than 130,000 downloads between them, deploying two known Trojans on the victims’ mobile endpoints: Sharkbot and Vultur. While Sharkbot targets Italians exclusively, Vultur’s operators are casting a somewhat wider net, going after not only Italians but also people in the UK, Netherlands, Germany and France.

Fake updates

Sharkbot’s modus operandi is simple: the version found in Google’s mobile app repository isn’t malicious, but once the user enables it, a fake Play Store page is displayed, forcing the victim to download an ‘update’ to the app before using it. Since victims are certain of the origin of the application, they will most likely install and run the downloaded Sharkbot payload, the researchers concluded.

The purpose of Sharkbot is to transfer money from victims’ bank accounts to the operators through automatic transfer systems. NCC Group described it as an “advanced technique” rarely used with Android malware, which allows threat actors to automatically fill in fields in legitimate mobile banking apps.

Vultur, on the other hand, focuses on social media and messaging applications, banking apps, and cryptocurrency exchange apps.

Of the two, Vultur appears to be the more successful Trojan, as Threat Fabric says it has reached more than 100,000 potential fraud victims in recent months.

Dropper distribution on Google Play continues to be the most ‘affordable’ and scalable way to reach victims for most actors of all skill levels.

“While advanced tactics such as telephone attack delivery require more resources and are difficult to scale, droppers in official and third-party stores allow them to reach a broad unsuspecting audience with reasonable efforts.”


Via: Security matters
