These two dangerous Trojan ‘dropper’ Android apps have already been installed thousands of times

Two Trojans are being distributed to victims across Europe

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new, and rather successful campaign to deliver Trojans toAndroidusers has been uncovered by cybersecurity researchers from Threat Fabric.

The experts warn that ever sinceGooglemade updates to its “Developer Program Policy”, threat actors have been looking for new ways to delivermalwarethrough the Play Store and stay under the radar while doing it.

This new campaign includes multiple droppers, with more than 130,000 downloads between them, deploying two known Trojans to the victims’ mobile endpoints: Sharkbot and Vultur. While Sharkbot’s targets are exclusively Italians, Vultur’s operators are casting a somewhat larger net, targeting not just Italians, but also people in the UK, The Netherlands, Germany, and France.

Fake updates

Sharkbot’s modus operandi is simple: the version found on Google’s mobile app repository is not malicious, but as soon as the user turns it on, it displays a fakePlay Storepage, forcing the victim to “update” the app before using it. “Since victims are sure about the origin of the application, they will highly likely install and run the downloaded Sharkbot payload,” the researchers concluded.

Sharkbot’s goal is to transfer money, from bank accounts belonging to the victims, to the operators, via Automatic Transfer Systems. NCC Group described it as an “advanced technique” rarely used with Android malware, which enables threat actors to auto-fill fields in legitimate mobile banking apps.

These fake Android antivirus apps install a dangerous banking trojan>This Android malware is so dangerous, even Google is worried>Here are the best ID theft protection tools out there

Vultur, on the other hand, targets social media and messaging applications, banking apps and cryptocurrency exchange apps.

Between the two, Vultur seems to be the more successful Trojan, as Threat Fabric says it reached more than 100,000 potential fraud victims in the last few months.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Distribution through droppers on Google Play still remains the most “affordable” and scalable way of reaching victims for most of the actors of different levels,” researchers concluded.

“While sophisticated tactics like telephone-oriented attack delivery require more resources and are hard to scale, droppers on official and third-party stores allow threat actors to reach wide unsuspecting audience with reasonable efforts.”

Via:Security Affairs

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Anker Nebula Mars 3 review: A powerful and truly portable projector