Malware droppers are hard to spot in the wild. They disguise themselves as legitimate login screens, fooling even the savviest of techies. Luckily, Google is making it easier to thwart hackers with a new malware warning.
This pop-up alert can save you from banking Trojans masquerading as app updates. This is a considerable threat, especially if you use banking apps on your phone. Tap or click here for six ways to safely bank from your phone.
Cybersecurity researchers blew the whistle on a new set of malware droppers you need to look out for. They have been downloaded from the Google Play Store 130 thousand times. Your phone could be infected.
Why you should be concerned
Last week, researchers with cybersecurity firm Threat Fabric broke some concerning news. They discovered malicious droppers in apps with over 130,000 installations from the Google Play Store.
If you’re unsure what malware droppers are, here’s a quick breakdown. Cybercriminals know that Google works hard to sniff them out. Thus, bad actors work hard to reduce their malware’s footprint so Google can’t detect foul play.
They evade Google’s eye by distributing malware through droppers on official app stores. To be more specific, they’re spreading SharkBot malware along with Vlutur banking Trojans. Tap or click here for a few fake antivirus apps that put your phone in danger.
These dropper attacks can download, install and launch malicious programs on your smartphone. They keep a low profile because they don’t ask for a suspicious amount of permissions.
Plus, they don’t have malicious code themselves. The malware is often delivered to your device through an update.
Here’s how they get you.
It all starts with fake login prompts
Let’s say you’re using one of the apps in question. The malware dropper may randomly open a fake Google Play Store page that mimics the actual app page. It prompts you to open the app.
Not only that, but cybercriminals go above and beyond to trick you. They’ll show you a convincing update page filled with fake reviews designed to get your guard down. If you accept the update request, you’re taken to your phone’s browser. From there, the dropper will start to inject malware into your phone.
Threat Fabric found two apps that were spreading the SharkBot banking Trojan. One is titled Codice Fiscale 2022 and the other is File Manager Small, Lite. If you have either app on your device, remove it ASAP.
Three droppers were identified to be spreading Vlutur banking Trojans. They include Recover Audio, Images & Videos, Zetter Authentication, and My Finances Tracker.
Bottom line: Be wary of login prompts. These particular scams are so widespread that Google is fighting back with its own prompts.
An Android malware warning can keep you safe
If you see a message from Google saying that downloading an app update may hurt your device, trust it. It’s easy to ignore pop-ups and dismiss them as unimportant. But in this case, listening to Google’s advice can protect your device from hackers.
The Sharkbot dropper mainly targets Italian users, but its code suggests it can also target users in the U.S., Germany, Spain, Poland, Austria and Australia. This threat will likely spread outside Italy, so keep your eyes peeled.