Cybersecurity firm Threat Fabric has released a report warning of five Android apps that could steal personal banking data stored on your smartphone.

The quintet of apps falls under two relatively new malware families: Vultur and SharkBot. And yes, they're every bit as vicious as they sound.

The Vultur malware is designed to "automatically open a web page and click on advertisements," while Sharkbot can "steal information about the victim's device, including contacts, SMS messages, and information about Wi-Fi networks."

Delete these five apps immediately

  • Recover Audio, Images & Videos (100,000 downloads)
  • Codice Fiscale 2022 (10,000 downloads)
  • Zetter Authentication (10,000 downloads)
  • File Manager Small, Lite (1,000 downloads)
  • My Finances Tracker (1,000 downloads)

The app Codice Fiscale, which has over 10,000 installs, checks the country in which your SIM is registered and opens a shady Codice Fiscale Play Store web page.

Afterward, it'll show you an update is available for the app, and tapping on it'll begin loading the banking Trojan. Some browsers might warn users about this malicious update before downloading it. However, if the code doesn't match with Italy, no mischievous activity will occur.

Another app called "File Manager Lite" is preying on banking apps used in the U.K., Austria, Italy, Germany, Spain, Poland, the U.S., and Australia.

These apps are loaded with a Trojan called Sharkbot, which is designed to steal your login credentials, bank account number, and other financial information. This data helps the attackers to steal money from your bank account. At a glance, these Trojan malware-loaded apps look like legitimate apps.

What is SharkBot malware and how does it work?

The SharkBot banking Trojan was first discovered in 2018. It was found to target crypto apps, with a specific focus on those belonging to exchanges and trading services. The malware would steal the victim's login information, allowing the hackers to use their account for malicious activities.

Here's how it works:

The malicious software creates an account on your device using your personal information and then logs into your account on a targeted crypto exchange to steal your login data. Additionally, the malware attempts to obtain your two-factor authentication code from your authentication app - which if successful, gives the hacker access to use your account for nefarious activities.

Oftentimes, the malware is used to withdraw money from your account or purchase more cryptocurrency without your knowledge.

How to detect the SharkBot malware?

The malware is difficult to detect, so it's best to be vigilant for any suspicious activity. Here are some warning signs that your phone might be infected:

  • You may notice unusual activity on your credit card or bank statements.
  • You get an email from your bank with a password reset request that you didn't trigger.

In general, it's always best to be cautious when it comes to online security. So, if you see anything out of the ordinary, don't hesitate to reach out to your bank or take other measures to protect your account.

Malware
Pixabay