Firstly: What is a dropper?
“A dropper is a kind of Trojan that’s been designed to install some sort of malware on a target machine. Malware that’s contained within the dropper is hard to spot because it’s hidden in a way that avoids detection by antivirus programs. The dropper doesn’t contain any malware at the time of installation and may only download it once it’s activated”.
Google warned this week that users are being targeted with a new threat that could attack their bank balances.
Android users have been warned that their phones could be a target for hackers if they use a popular app, recently banned by Google, that uses a sneaky tactic to install Sharkbot malware. If you downloaded it from the Google Play Store, it should be deleted right now.
According to the security team at Bitdefender, an antivirus developed by Romania-based company Softwin, the app called X-File Manager is able to sidestep Google’s strict rules by not displaying anything suspicious when it appears on Google Play.
In fact, the app worked as advertised, and no one knew about the problems it might cause.
Once installed on the device, a pop-up message appears on the screen warning that the app needs a dynamic update. Instead of this upgrade coming through the official Google Play, phone owners are taken to third-party websites where malware is then injected directly into the device.
Because the app uses this dropper tactic, Google is less likely to detect the dangerous app or remove it from its store.
Bitdefender explained more about this threat: “When you download an app on Google Play, it is likely that Google will detect that there is malware in the app, so criminals resort to more deceptive methods. One way is to use an app, which is legitimate with some advertised features, and then the app lures users with more features like a dropper that adds more malicious malware in batches.”
X-File Manager is believed to have been downloaded more than 10,000 times, with the majority of installs occurring in the UK.
If you think that you might be one of the unlucky people who got scammed, then you should remove the app without delay because your phone might be infected with “Sharkbot” and that could mean your bank account is in danger.
Sharkbot droppers are a nasty type of malware designed to steal user login credentials, particularly those used to log in to banking applications. This kind is even capable of bypassing SMS two-factor authentication (2FA) by reading SMS messages to steal authentication codes.
This “evil” malware is fully capable of stealing banking details by installing fake login windows and intercepting data including SMS messages. Once this data is in the hands of hackers, it can be used to steal money and make transactions without the owner’s permission.
“A common feature that we’ve noticed in the past few months is malicious apps coming directly from the Google Play Store,” Bitdefender added. “If something comes from an official store, people might be inclined to think it’s safe. Our research has shown that this isn’t true, multiple times”.
As a guide, before downloading any apps, it’s a good idea to check reviews and look out for negative ones.
Once an app is installed, be careful about updating it, especially if the app starts directing you to websites that have no link to the Google Play Store.
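
The behaviours described above (an in-app "update" fetched from outside Google Play, and malware that reads SMS codes) both depend on permissions an app has to declare. The following is an added example, not part of the original article or Bitdefender's research: a triage script over a decoded `AndroidManifest.xml`, where the permission-to-behaviour mapping, the package names and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumed heuristic (not from the article): permissions matching the behaviours it describes.
SIDELOAD = {"android.permission.REQUEST_INSTALL_PACKAGES"}
NETWORK = {"android.permission.INTERNET"}
SMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml):
    """List the article's risky capabilities that the manifest makes possible."""
    perms = requested_permissions(manifest_xml)
    findings = []
    if perms & SIDELOAD and perms & NETWORK:
        findings.append("can fetch and install APKs from outside Google Play")
    if perms & SMS:
        findings.append("can read SMS messages, including 2FA codes")
    return findings

def _manifest(package, perms):
    """Build a constructed sample manifest for the demo below."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples (hypothetical package names, not real apps).
DROPPER_LIKE = _manifest("com.example.filemanager",
                         ["INTERNET", "READ_EXTERNAL_STORAGE", "REQUEST_INSTALL_PACKAGES"])
PAYLOAD_LIKE = _manifest("com.example.update", ["INTERNET", "READ_SMS", "RECEIVE_SMS"])
BENIGN = _manifest("com.example.notes", ["INTERNET"])

if __name__ == "__main__":
    for label, xml in [("dropper-like", DROPPER_LIKE), ("payload-like", PAYLOAD_LIKE), ("benign", BENIGN)]:
        print(label, triage(xml) or ["no findings"])
```

A finding is a prompt for closer review, not a verdict: legitimate apps can request these permissions too, so weigh them against what the app claims to do.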