Be very careful if you have any of these applications installed on your mobile phone: they contain dangerous trojans.
The week didn’t start particularly well for Android users. Mainly for those living in European regions including Spain or Italy.
Researchers specializing in cybersecurity threat tissue after discovering a new threat in the Google plus Play Store in the form of The Trojan disguises itself as an untrustworthy applicationto manage to circumvent the protective measures of the shop in order to achieve this in the end teléfonos inteligentes of hundreds of thousands of people.
The Trojan in question is already known to Android users. This is SharkBot, one of the most dangerous and widespread software malicioso in the world whose main aim is to Victim’s bank details to end up stealing the money from their accounts.
SharkBot returns to attack with five new requests
The attackers did a a new attack campaign aims to steal usuario data from different European countries. Researchers focused on attacks targeting users living in Italy, but they explain that The strategy is the same in each region.
It consists of the first phase of the attack manages to publish an application to the Google plus Play Store without any malicious code, which provides some kind of utility to the usuario. From Threat Fabric they refer to the aplicación “Codice Fiscale”, an aplicación that aims to allow Italian citizens to calculate their annual taxes. This aplicación was at the time of its discovery with more than 10,000 installations vía Google plus Play.
After downloading to the intended victim’s device, the application performed a scan if the country code of the phone’s SIM card matches what the attacker claims to be able to do your strategy. In this case, it is checked whether The SIM code corresponds to Italian (it).
If the requirement is met, the application notifies the usuario that a Aplicación update available. However, instead of directing to the aplicación’s page on Google plus Play, it loads a a web page that simulates the Play Store interfaz, with the aim of encouraging the usuario to download the intended update. I know Download and install the Trojan archivo.
An example of a fake Google plus Play page from which the SharkBot software malicioso is downloaded onto the victim’s device
If the victim’s phone is already infected, the Trojan perro attack receive sensitive data by consulting the usuario’s contact list, intercepting received text messages and, most dangerously, Retrieve access data for banking aplicacioneswith the aim of stealing the money from their accounts.
sent out five different applications what is part of this threat. Besides Italy, some of the mentioned aplicaciones aim to infect the devices of citizens of United States, United Kingdom, Germany, Austria, Australia, Spain and Poland. The full list of aplicaciones is available below:
- Recover audio, images and vídeos – +100000 downloads
- Tax Code 2022 – +10000 downloads
- Zetter authentication – +10000 downloads
- Small Archivo Manager, Lite – +1000 downloads
- My finance tracker – +1000 downloads
It is very important to ensure that you do not have any of the above applications installed on our devices. And if you have them, they are recommended Eliminate them as soon as possible and change access codes to banking companies that Troy could have been won by his attacks. Likewise, it is recommended to prevent future attacks Download aplicaciones only from the Google plus Play Store and avoid third-party sources.