About 4 months ago
Multiple apps listed on the Google Play Store are posing as harmless file managers which infects android phones and tablets with harmful sharbot banking trojan.
According to report by bitdepfender apps do not carry harmful trojan itself but it payloads upon installation to evade detection when submitted on Google Play but instead fetch it later from a remote resource to infect smart devices with trojan. Since these apps are file manager, they permissions need for dangerous sharkbot banking malware is being completly ignored. It’s a part of targeted campaign because performs anti-emulation checks to evade detection while only loading Sharkbot on Great British or Italian SIMs.
Sharkbot is fetched as fake program update, which file manager prompts the user to approve before installing and it tragets the information related to banking apps while impersonating login forms found inside the banking apps itself. The infected apps X-File Manager and FileVoyager are not available on playstore. Both apps target the financial institutions in Italy and the UK.
Another Sharkbot trojan loading app spotted by Bitdefender is LiteCleaner M which amassed 1,000 downloads before it got spotted and removed from the Play Store. Currently, this app is only available via third-party app stores. You can avoid this harful trojan by installing mobile security antivirus application which helps to detect malicious traffic and apps, even before they are reported to Google Play.
Further coverage: BleepingComputer
