Skip to main content

[News] SharkBot Malware | File Manager App Infected Thousands of Devices

File Manager App Infected Thousands of Devices with SharkBot Malware

Introduction

In a concerning development, a notorious Android banking fraud malware named SharkBot has once again infiltrated the official Google Play Store, this time disguised as file manager apps. Despite the marketplace's strict restrictions, the malware managed to bypass security measures and infected thousands of devices. This blog post explores the impact of SharkBot, its distribution tactics, and the steps users can take to protect themselves from such threats. Let's dive in!

SharkBot: The Menace Returns

Initially discovered by Cleafy in late 2021, SharkBot is a persistent mobile threat that has targeted both the Google Play Store and various third-party app stores. This time, the malware took the form of seemingly harmless file manager apps, making it difficult for unsuspecting users to identify the threat. According to Romanian cybersecurity company Bitdefender, the majority of affected users were located in the United Kingdom and Italy.

The Tactics: Silent Invasion and Financial Fraud

SharkBot's primary objective is to initiate unauthorized money transfers from compromised devices. It accomplishes this through a technique known as "Automatic Transfer System" (ATS). When a user triggers a transaction using a banking app, SharkBot intercepts it and replaces the payee account with an account controlled by the threat actors. This surreptitious process occurs in the background, leaving users unaware of the fraudulent activity taking place. Furthermore, SharkBot employs fake login overlays to steal banking credentials from unsuspecting victims.

Disguise and Infiltration: The Rogue File Manager Apps

The malicious file manager apps employed by SharkBot were cunningly designed to appear legitimate while serving their nefarious purposes. These apps often masquerade as antivirus software or cleaners, allowing them to slip past Google's security checks and gain entry to the Play Store. Once installed on a device, these seemingly innocent apps become droppers, fetching and installing the actual malware payload. The following apps were identified as carriers of SharkBot:

  1. X-File Manager (com.victorsoftice.llc) - Over 10,000 downloads
  2. FileVoyager (com.potsepko9.FileManagerApp) - Over 5,000 downloads
  3. LiteCleaner M (com.ltdevelopergroups.litecleaner.m) - Over 1,000 downloads

Fortunately, these apps have been removed from the Play Store. However, it's worth noting that LiteCleaner M is still available for download from a third-party app store called Apksos. Another SharkBot-infected app, named "Phone AID, Cleaner, Booster" (com.sidalistudio.developer.app), was also discovered on Apksos.

Google's Challenge: Permission Abuse and Countermeasures

The threat actors behind SharkBot cleverly exploited the limited permissions allowed for certain app categories in Google's Developer Program Policy. By abusing the permission to install external packages (REQUEST_INSTALL_PACKAGES), the malware authors could remotely download and install their malicious payloads. Notably, the X-File Manager app specifically targeted users in Italy, accumulating over 10,000 downloads before its removal.

Protecting Against SharkBot and Similar Threats

If you have unwittingly installed any of the aforementioned apps, it is crucial to take immediate action to safeguard your finances and personal information. Follow these steps:

  1. Delete the infected apps from your device.
  2. Change your bank account passwords promptly.
  3. Enable Play Protect in the Play Store to enhance your device's security.
  4. Exercise caution when downloading apps and carefully review their ratings and reviews.

Conclusion: Stay Vigilant, Stay Secure!

The resurgence of the SharkBot malware disguised as file manager apps serves as a stark reminder of the evolving threats faced by Android users. By staying vigilant, promptly removing suspicious apps, and adopting best security practices, users can mitigate the risks posed by such malware. Let's ensure our digital lives remain secure and protected!

Labels:

Popular posts from this blog

[Apk Setup] Alpine-term App | without using termux

Install and Setup Alpine Term in Android App Welcome to the world of terminal and Linux environment on your Android device! 📲 In this blog post, we will guide you through the installation and setup process of Alpine Term, an amazing application that brings the power of Alpine Linux to your fingertips. Let's get started! 🚀 What is Alpine Term App? 🏔️ Alpine Term is a terminal and Linux environment application for Android. It utilizes Alpine Linux, running inside a headless x86_64 machine emulated with QEMU. The interaction with the operating system is done through terminals attached to the serial consoles of the virtual machine. This allows you to run commands, execute scripts, and experience a Linux environment on your Android device. System Requirements 📋 To install and use Alpine Term, make sure your device meets the following requirements: 📱 AArch64-based device. 🆙 Android 7.0 or higher. 💾 At least 500 MB of free space on the internal storage. 🌐 ...
Read More »

Cloudflared in Termux to Create tunnels, Port Forwding

Step-by-Step Guide: Installing Cloudflared in Termux for Android (Alternative to ngrok) | 2024" J Link updated https://github.com/rajbhx/cloudflared-termux What is cloudflare Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2010. It acts as a reverse proxy between a website's visitor and the Cloudflare customer's hosting provider. Its headquarters are in San Francisco, California Usages cloudflared -url [localhost]:port_number] example : cloudflared -url localhost:8000 cloudflared tunnel localhost:[port_number] Installation Make sure your Termux app updated The commands you provided are the steps to install Cloudflared in Termux using the `rajbhx/cloudflared-termux` repository. Here's a breakdown of each command: 1. Update and upgrade packages:    ```    pkg update && pkg upgrade && pkg install git    ``` 2...
Read More »

How to install and setup vShell in android app |कैसे इनस्टॉल करें

How to install and setup android vShell(Virtual Shell) app (no root) कैसे इनस्टॉल करें YouTube video link What is Android-vShell app vShell is a  virtual shell environment application  for the Android OS. A virtual Linux shell environment application for Android OS. Runs Alpine Linux in QEMU system emulator.  It provides a virtual machine running small Linux distribution ready for the use out-of-box. Application implements my view on how Linux terminal environments can look like on Android OS. As operating system security is getting more and more hardened over time (which is good btw), it become impossible to abuse design flaws such as executable user data to run Linux native executables. Ability to...
Read More »

How to extract Details from any mobile number Using termux | rajbhx

How to extract Details from any mobile number | termux | jarvisstaraq.blogspot.com What is truecallerjs Truecallerjs : A simple package to search phone number details.this tool also work in android and Termux app jarvisstaraq.blogspot.com Requirements Android phone Termux Proper valid Mobile Number(Phone number verification for truecaller) Truecaller InstallationId jarvisstaraq.blogspot.com Installation in Termux Installing Node.js, Git, and Wget in Termux:  To install Node.js, Git, and Wget in Termux, follow these steps: 1. Open your Termux app. 2. Run the following command to update the package lists:     ```    pkg update    ``` 3. Next, install Node.js using the following command:    ```    pkg install nodejs    ``` 4. Install Git using the command:    ```    pkg install git    ``` 5. Lastly...
Read More »

My Termux | How to install Lazymux in Termux #rajbhx

My Termux | How to install Lazymux in Termux Lazymux t00ls !nstaller !s very easy t0 use, 0nly pr0v!ded f0r lazy Termux users, just k!dd!ng. Lazymux !s a t00l that !s spec!ally made f0r Termux user wh!ch pr0v!des a l0t 0f t00l ma!nly used t00ls !n Termux, Lazymux !nstall any 0f the g!ven t00ls pr0v!ded by !t fr0m !tself w!th just 0ne cl!ck, and Lazymux always get updated.  What !s Python 3?   My Termux | How to install Lazymux in Termux @rajbhx How to Install Oh My Zsh How to download copyright free GAME PLAY CODM/PUBG/BGMI/FreeFire Call of duty mobile 60fps   How to install FacebookToolkit in Termux + linux + windows 10/11 Download any video with termux using youtube-dl | #rajbhx HOw to install Raspbian 9 (Stretch) in Termux #rajbhx On Decembe...
Read More »

How to install & use report-fb-account-termux tool in termux

report-fb-account-termux   [+]  Disclaimer : This tool is only for educational purpose. The developer is not responsible for any abuse of it.   [+] Installation apt update && apt upgrade -y apt install git python -y git clone https://github.com/jarvisstar/report-fb-account-termux.git cd autoreport python3 ar.py Or, Use Single Command apt install git python -y && git clone https://github.com/KasRoudra/autoreport && cd autoreport && python3 ar.py Screenshots:   Usage: Search "findfbid" in google to get victim's profile link. Such as Website1 , Website2 , Website3 , Website4 . Enter the victim's facebook profile link in the website, generate and copy the numeric id in clipboard. Run the script and enter or paste that id when asked! [+] Note: AUTOREPORT DOES NOT DISABLE ACCOUNT UNLESS THERE IS SPECIFIC POST(S)...
Read More »

How to install | instagram reporting 2 tool termux by jarvisstaraq

How to install | instagram reporting 2 tool termux by jarvisstaraq Assuming the client truly breaks the instagram rule then their is more opportunities to get prohibited. Instagram limits the reports per unit time, apparatus will auto quit revealing later arrived at limit at very nearly 40 reports. Shows "Detailed Succesfully" later Each Request. You can Report target again later some time (later 2-3 min). Use IP of same district for high effecivity. In the event that you enter invalid username it will in any case send report demand. Assuming that you getting mistake on utilizing intermediaries then, at that point, don't. Requirements Python3 Or Above  Need to install git in linux or termux Download GIT Usage Instagram mass reporter [ TERMUX ]  How to delete Instagram Account by mrwn007 Report tool Termux   [ TERMUX ]
Read More »

How to Install Java (Open-JDK-8) in Termux | two Methods

How to Install Java (Open-JDK-8) in Termux Method 1: Java 8 Installation Introduction Install Java (Open-JDK-8) in Termux without rooting your Android device. Follow these steps to get Java up and running in your Termux environment. Step-by-Step Guide Step 1: Install Kali Linux in Termux (Optional) pkg install wget proot -y && wget https://raw.githubusercontent.com/MasterDevX/KaliTermux/master/InstallKali.sh && bash InstallKali.sh Step 2: Download OpenJDK-8-JRE Deb Package Visit ftp.debian and copy the link to the OpenJDK-8-JRE deb package. Step 3: Download Deb Package in Kali Machine wget http://ftp.debian.org/debian/pool/main/o/openjdk-8/openjdk-8-jre-headless_8u275-b01-1_arm64.deb Step 4: Install Deb Package Manually dpkg -i openjdk-8-jre-headless_8u275-b01-1_arm64.deb Step 5: Change Java Version (Optional) sudo update-alternatives --config java Final Step: Verify Java Version Select the desired Java version (in this case, Java 8) by typ...
Read More »

How to delete Instagram Account by mrwn007 Report tool Termux

How to delete Instagram Account by mrwn007 Report tool Termux(Android) What is termux Termux is an Android terminal emulator and Linux environment app that works directly with no rooting or setup required. A minimal base system is installed automatically - additional packages are available using the APT package manager. mrwn007 / 007spam-BOT Check out new updated repository Instagram mass reporter [ TERMUX ] Instagram Reporting 2 [ TERMUX ] Instagram delete new method by crevils [Termux] Why this tool not working:( Because this tool author removed all files and reposiory also just because this tool no working @__@ Installation  pkg install git pkg install python git clone https://github.com/mrwn007/007spam-BOT.git cd 007spam-BOT python3 -m pip install requests python3 bot.py this repo is dead for normal users to report in Ins...
Read More »

🚀 The 2024 Java Developer Roadmap [UPDATED] 🚀

🚀 The 2024 Java Developer Roadmap [UPDATED] 🚀 Hello aspiring Java developers! 🌟 Welcome to the 2023 Java Developer Roadmap, a comprehensive guide designed to help you navigate your journey towards becoming a proficient Java professional. Whether you're just starting or looking to level up your Java skills, this roadmap will provide you with a clear path to success in the Java ecosystem. 🎉 Introduction Java, as a robust and versatile programming language, continues to be a leading choice for building enterprise-level applications, web services, mobile apps, and more. As we step into 2023, the Java landscape evolves, presenting exciting opportunities for developers like you. This updated Java Developer Roadmap encompasses years of expertise and industry insights to outline the key skills, tools, frameworks, libraries, and APIs that you should master to excel as a Java developer in 2023. 🔍 The Essentials Before diving into Java-specific to...
Read More »