ThreatFabric researchers discovered that 231 banking and cryptocurrency wallet apps from U.S., Australian, French, Dutch, Spanish, German, Polish, Italian, Austrian, and U.K. financial entities are being targeted by five malicious dropper Android apps
that have been downloaded more than 130,000 times in the Google Play Store, reports The Hacker News
Banking trojans SharkBot and Vultur, which have financial data exfiltration and fraud execution capabilities, are being spread by the dropper apps, four of which remain in the Google Play Store, researchers said.
Italian banking users were targeted by the latest SharkBot attacks, which involved the use of a dropper impersonating a tax code identifier app, while Vultur was distributed by three other droppers that performed as advertised but also featured covert functionality.
"Distribution through droppers on Google Play still remains the most 'affordable' and scalable way of reaching victims for most of the actors of different levels. While sophisticated tactics like telephone-oriented attack delivery require more resources and are hard to scale, droppers on official and third-party stores allow threat actors to reach a wide unsuspecting audience with reasonable efforts," the report said.