A new, and quite successful campaign to introduce Trojans Android(Opens in a new window)Threat Fabric security researchers exposed the users.
Experts warn that threat actors are now looking for new ways of providing security services, after Google updated its Developer Program Policy. MalwareYou can use the Play Store to keep your identity hidden.
The new campaign includes multiple trains and more than 130,000 downloads. Vultur and Sharkbot are two well-known Trojans that target victims’ mobile devices. Sharkbot targets only Italians. Vultur operators cast a larger net, targeting not only Italians, however, but also people in the UK and Netherlands, Germany, France, and Germany.
Fake updates
Sharkbot works by using a simple mechanism: The version in the Google mobile application repository is not malicious. However, once the victim launches it it will show a fake Play Store Page, forcing them to “refresh” their app before they use it. Researchers concluded that victims are more likely to download and run the Sharkbot payload, since they know the app’s source.
Sharkbot’s goal, according to the NCC Group, is to transfer funds from victims’ bank accounts to operators using automated transfer systems. NCC Group calls it an “advanced technique” that is not commonly used with Android malware. It allows threat agents to automatically fill in the fields in legitimate mobile banking applications.
Vultur, on the other hand, targets messaging, social media, and cryptocurrency exchange app apps.
Vultur seems to be the more successful Trojan of the two, Threat Fabric claiming it has reached over 100,000 potential fraud victims within the past few months.
Researchers concluded that “distribution by trains on Google Play is still the most expensive and scalable way to reach victims” for most actors of all levels.
“Whereas complex tactics such as targeted phone-delivery attacks require more resources and are difficult to scale, trains in official and third-party stores allow threat actors to reach a reassured broad audience with reasonable efforts.”
- Software can be used to combat ransomware and viruses best firewallTools available
Across: security affairs(Opens in a new window)
Source link
[Denial of responsibility! reporterbyte.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – reporterbyte.com The content will be deleted within 24 hours.]
