Android users are being warned, once again, that their phones could be at risk from hackers and this time it’s those in the UK that appear most vulnerable. A popular app, which was recently been banned by Google, has been using a sneaky tactic to install the vicious bank hacking Sharkbot malware onto devices and if you downloaded it from the Play Store you must delete it now.
According to the security team at Bitdefender, the application called X-File Manager was able to avoid Google’s strict rules by not featuring anything sinister when appearing on the Play Store.
In fact, the app worked as advertised and nobody would ever know that anything was wrong.
However, once installed onto a device, a pop-up message soon appears on the display warning that the application needs a vital update. Instead of this upgrade coming via the official Play Store, phone owners are taken to third-party websites where malware is then deposited right onto the device.
By using this so-called “Dropper” tactic, it’s less likely that Google will ever discover the dangerous application or remove it from its store.
Explaining more about this tactic, Bitdefender said: “The Google Play Store would likely detect a trojan banker uploaded to their repository, so criminals resort to more covert methods. One way is with an app, sometimes legitimate with some of the advertised features, that doubles as a dropper for more insidious malware.”
It’s thought that X-File Manager was downloaded over 10,000 with the majority of installs taking place in the UK.
If you think you may have been one of the unlucky ones to be duped you must remove the app without delay as your phone may be infected with Sharkbot and that could mean your bank account is at risk.
This vicious malware is fully capable of stealing bank details. Once this data is in the hands of hackers it can then be used to siphon money and make transactions without the owner’s permission.
“A common theme we’ve noticed in the last few months consists of malicious apps distributed directly from the Google Play Store. If something comes from an official store, people could be inclined to believe it’s safe. Our research has shown this to be false, many times over.”
As a guide, before downloading any apps it’s a good idea to check the reviews and look out for negative comments.
Once installed, be careful about updating the app especially if the application starts directing you to websites that have no affiliation with the Play Store.
