The Hacker News reports that threat actors have been spreading the SharkBot banking trojan through fraudulent file manager apps on the Google Play Store in an effort to evade security restrictions of the app marketplace.
SharkBot dropper apps X-File Manager, FileVoyager, and LiteCleaner M have been downloaded more than 16,000 times combined, with most of the impacted devices located in the U.K. and Italy, a report from Bitdefender.
While Google has already removed all of the fake file manager apps from its Play Store, LiteCleaner M and another SharkBot-laced app Phone AID, Cleaner, Booster could still be downloaded from the Apksos app store. Malicious actors have been leveraging file managers as malware lures amid Google's crackdown on permission exploitation, with external package installation permissions restricted to certain app categories, including file managers.
"The application [i.e., the dropper] performs anti-emulator checks and targets users from Great Britain and Italy by verifying if the SIM ISO corresponds with IT or GB," said Bitdefender.