These two dangerous “dropper” Android Trojan apps have already been installed thousands of times

Cybersecurity researchers at ThreatFabric discovered a new and quite successful campaign to deliver Trojans to Android users.

Experts warn that since Google updated its "Developer Program Policy", threat actors are looking for new ways to spread malware through the Play Store and remain hidden while doing so.

This new campaign includes several droppers, with more than 130 downloads between them, and deploys two known Trojans on victims' mobile devices: Sharkbot and Vultur. While Sharkbot's targets are exclusively Italian, the Vultur operators cast a slightly wider net, targeting users not only in Italy but also in the UK, the Netherlands, Germany and France.

Fake updates

Sharkbot's modus operandi is simple: the version found in Google's mobile app repository is not malicious, but as soon as the user opens it, it displays a fake Play Store page, forcing the victim to "update" the application before using it. "Since victims are sure of the application's origin, they will most likely install and run the downloaded Sharkbot payload," the researchers concluded.

Sharkbot's objective is to transfer money from victims' bank accounts to the operators through automatic transfer systems. NCC Group described it as an "advanced technique" rarely used with Android malware, which allows hackers to auto-fill fields in legitimate mobile banking apps.

Meanwhile, Vultur focuses on social media and messaging apps, banking apps, and cryptocurrency exchange apps.

Of the two, Vultur appears to be the more successful Trojan, with ThreatFabric claiming that it has reached over 100 potential fraud victims in recent months.

"Distribution via droppers on Google Play remains the most 'affordable' and scalable way to reach victims for most actors at different levels," the researchers concluded.

"While sophisticated tactics, such as launching attacks over the phone, require more resources and are difficult to scale, droppers in official and third-party stores allow threat actors to reach large, unsuspecting audiences with reasonable efforts."

Via: Security Matters