The SharkBot trojan made a comeback in a new campaign targeting Android users. Distributed via Google Play Store, the Android malware targeted users in the U.K. and Italy.
More details
According to Bitdefender researchers, the trojan masqueraded as Android utility apps that were installed thousands of times.
Once downloaded, the apps checked for at least one of the targeted banking apps before asking for permission to install external packages that caused the download of the malware.
While the fake apps installed the SharkBot sample in the background, the user is tricked into thinking that an update to the app was being downloaded.
Some of the targeted apps were X-File Manager, FileVoyager, LiteCleaner, PhoneAID, and Cleaner Booster.
Previous attack incident
This is not the first time when SharkBot operators used the Google Play Store to infect users.
In September, an improved version of SharkBot infiltrated the store via two malicious apps that had been downloaded over 60,000 times globally.
The two malicious apps were tracked as Mister Phone Cleaner and Kylhavy Mobile Security and the campaign affected users in Spain, Austria, Germany, Poland, and the U.S.
The updated features included the ability to detect the action of a victim opening a banking application and performing an overlay attack to steal credentials.
Google Play Store remains a go-to attack vector
Despite the repeated actions taken by Google to remove malicious apps, the official Play Store app remains a go-to-attack vector for cybercriminals.
Recently, Malwarebytes uncovered a set of four malicious Android apps on the Google Play Store, redirecting victims to infectious websites that dispersed adware and information-stealing malware.
The apps—Bluetooth Auto Connect; Driver: Bluetooth, Wi-Fi, USB; Bluetooth App Sender; and Mobile transfer: smart switch—had collectively amassed at least a million downloads before being removed.
In a different incident, the Play Store removed 16 apps propagating Clicker. The Android malware had infected over 20 million users.
Bottom line
Android malware infection via Google Play Store still remains a significant security concern owing to its scope of reaching as many victims as possible. Therefore, users are recommended to check the reviews before installing them or monitoring the apps for malicious activity.