Malware evolves too, and it does it for Evade security systems The newest and most updated is that Google is standing up for Android and Play Store and the apps in them. The virtual store has always been a fertile ground for this type of risk, and despite the best efforts of the Mountain View experts, Android 13 has already been attacked by thieves.
The most used technique in recent times is the dropper malware technique – dropper – Who is exploiting this is Apparently harmless applications because they themselves do not contain malicious code – So they can pass Google tests without problems – but they undermine the security of smartphones and unsuspecting users Postponing the introduction of malware later via a (dummy) update It is completed through a fake Play Store page through which accessibility services are contacted.
And, as often happens, the targets are banking apps And those who belong to this category Finance. Threat texture It confirms the increasingly frequent exploitation of this type of technology by identifying the different apps on the Play Store that you use. SharkBoat For example is Banking Trojan is able to steal personal data and SMS (the latter types of tracking 2FA codes) and Control your smartphone remotely. One of the apps you hide is Tax Code 2022, downloaded in Italy thousands of times without users realizing its danger. It is used to calculate taxes, but in fact its purpose is anything but.
Once downloaded and opened, the app asks to download an update from a fake Play Store, through which malware is installed inside our smartphone. It’s easy to fall for it, because the page looks exactly like the original. up to the app files manager It behaves in the same way and targets banks in Italy, UK, Germany, Spain, Poland, Austria, Australia and the United States.
SharkBoat doesn’t just exist as a dropper: EagleFor example, it is a banking Trojan that bad guys can access through In the Remote screen streaming and recording of clicks and gestures, thus stealing passwords full of users. In this case, the (apparently harmless) application update is requested via a file Fake Warning on Google Play: Once the permission is granted, the malware is downloaded. Specific applications are Restore audio, photos and videosAnd the Zetter authentication And the My Finance Tracker: Trains are AES encrypted to hide strings.
The ‘good news’ is that the malware to install – and this applies to both SharkBoat and Vultur – Manual user intervention. However, the bad news is that fake websites that mimic the Play Store and alerts are so similar to the original that it is easy to fall into the trap. Always advice to Check the URL Be very careful before proceeding Do not authorize updates from unknown sources.