Endpoint/Device Security, Application security, Threat Management, Malware

More than 200 banking, crypto apps targeted by Android dropper apps

ThreatFabric researchers discovered that 231 banking and cryptocurrency wallet apps from U.S., Australian, French, Dutch, Spanish, German, Polish, Italian, Austrian, and U.K. financial entities are being targeted by five malicious dropper Android apps that have been downloaded more than 130,000 times in the Google Play Store, reports The Hacker News. Banking trojans SharkBot and Vultur, which have financial data exfiltration and fraud execution capabilities, are being spread by the dropper apps, four of which remain in the Google Play Store, researchers said. Italian banking users were targeted by the latest SharkBot attacks, which involved the use of a dropper impersonating a tax code identifier app, while Vultur was distributed by three other droppers that performed as advertised but also featured covert functionality. "Distribution through droppers on Google Play still remains the most 'affordable' and scalable way of reaching victims for most of the actors of different levels. While sophisticated tactics like telephone-oriented attack delivery require more resources and are hard to scale, droppers on official and third-party stores allow threat actors to reach a wide unsuspecting audience with reasonable efforts," the report said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.