- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
SharkBot Malware Found in Android File Manager Apps With Thousands of Downloads
Variants of the SharkBot malware were found in several file manager Android apps on the Google Play Store, some of them with thousands of downloads.
While the apps have now been taken down by Google, security researchers at Bitdefender published an advisory earlier this week to describe the threat.
“The Google Play Store would likely detect a trojan banker uploaded to their repository, so criminals resort to more covert methods,” reads the technical write-up.
“One way is with an app, sometimes legitimate with some of the advertised features, that doubles as a dropper for more insidious malware.”
This was the case with several file manager apps, which were disguised as such to justify the request for permission to install external packages from the user.
“Of course, that permission is used to download malware,” Bitdefender wrote. “As Google Play apps only need the functionality of a file manager to install another app and the malicious behavior is activated to a restricted pool of users, they are challenging to detect.”
Additionally, while the apps discovered by the team are no longer available on the Google Play Store, they can still be found in different third-party stores, making them a current threat.
The first analyzed by the Bitdefender team was ‘X-File Manager,’ developed by ‘Viktor Soft ICe LLC’ and counting over 10,000 installs before it was deleted. ‘FileVoyager’ was the second one, created by ‘Julia Soft Io LLC’ and counting roughly 5,000 downloads.
Bitdefender found two more apps following the same pattern, but they were never available on the Google Play store. They are called ‘Phone AID, Cleaner, Booster’ and ‘LiteCleaner M’ and were discovered on the web through third-party app stores.
The majority of users who downloaded the malicious apps were from the United Kingdom (80.6%) and Italy (16.2%), with a small minority in other countries.
More information about each individual malware app is available in the Bitdefender advisory. Its publication comes weeks after cybersecurity experts at Cleafy suggested the Android banking Trojan Vultur has reached more than 100,000 downloads on the Google Play Store.
