1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • These two dangerous Trojan 'dropper' Android apps have already be

    From TechnologyDaily@1337:1/100 to All on Mon Oct 31 20:45:03 2022
    These two dangerous Trojan 'dropper' Android apps have already been installed thousands of times

    Date:
    Mon, 31 Oct 2022 20:29:57 +0000

    Description:
    Two Trojans eith over 130,000 installs are being distributed to victims
    across Europe.

    FULL STORY ======================================================================

    A new, and rather successful campaign to deliver Trojans to Android users has been uncovered by cybersecurity researchers from Threat Fabric.

    The experts warn that ever since Google made updates to its Developer Program Policy, threat actors have been looking for new ways to deliver malware through the Play Store and stay under the radar while doing it.

    This new campaign includes multiple droppers, with more than 130,000
    downloads between them, deploying two known Trojans to the victims mobile endpoints: Sharkbot and Vultur. While Sharkbots targets are exclusively Italians, Vulturs operators are casting a somewhat larger net, targeting not just Italians, but also people in the UK, The Netherlands, Germany, and France. Fake updates

    Sharkbots modus operandi is simple: the version found on Googles mobile app repository is not malicious, but as soon as the user turns it on, it displays a fake Play Store page, forcing the victim to update the app before using it. Since victims are sure about the origin of the application, they will highly likely install and run the downloaded Sharkbot payload, the researchers concluded.

    Sharkbots goal is to transfer money, from bank accounts belonging to the victims, to the operators, via Automatic Transfer Systems. NCC Group
    described it as an advanced technique rarely used with Android malware, which enables threat actors to auto-fill fields in legitimate mobile banking apps. Read more

    These fake Android antivirus apps install a dangerous banking trojan


    This Android malware is so dangerous, even Google is worried


    Here are the best ID theft protection tools out there

    Vultur, on the other hand, targets social media and messaging applications, banking apps and cryptocurrency exchange apps.

    Between the two, Vultur seems to be the more successful Trojan, as Threat Fabric says it reached more than 100,000 potential fraud victims in the last few months.

    Distribution through droppers on Google Play still remains the most
    affordable and scalable way of reaching victims for most of the actors of different levels, researchers concluded.

    While sophisticated tactics like telephone-oriented attack delivery require more resources and are hard to scale, droppers on official and third-party stores allow threat actors to reach wide unsuspecting audience with
    reasonable efforts. Resist viruses and ransomware with the best firewall
    tools around

    Via: Security Affairs



    ======================================================================
    Link to news story: https://www.techradar.com/news/trojan-dropper-apps-on-the-google-play-store-ha ve-amassed-over-130000-installs/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)