Once they are installed they request additional permissions and download an update that is actually a virus
This is the new Google Play logo
Viruses called Xenomorph or Sharkbot and Vultur can create security breaches by being installed on devices via applications and can transmit the information from users' bank accounts to cybercriminals.
According to the Bitdefender report, these platforms can download malware information “in parts” after they have been installed on smartphones, which means that neither the Play Store nor the phone system detects them.
The appearance of file managers that cybercriminals choose to introduce malware is not a random decision. Because one of the indicators of identifying a malicious app is the number of permissions it requests, an administrator is more likely to request access to files than other types of applications such as games or flashlights.
Some applications in the Google Play Store have banking malware that threatens the security of users. (Bitdefender)
In this case, the malicious applications are “X-File Manager”, “FileVoyager”, “Phone AID, Cleaner, Booster” and “LiteCleanr M”, who use a semblance of reliability generated by positive reviews of up to five stars on the platform. from Play Store that they claim are useful for other users, which are actually fake accounts.
According to Bitdefender, these applications seek the user to download an update as soon as it is installed on the device. However, this is not located on a Google server but on another that allows the installation of the malware, with which the infection of the device has been completed in a few minutes. Sharkbot is already on the smartphone and the victim has not noticed.
When the installation is finished, the application initiates the request to a greater number of aspects of the phone, the most relevant being the access to SMS. This is crucial for the theft of bank information because with this permission the malware can circumvent the two-factor authentication of bank applications: it will be able to read the confirmation codes, passwords and cookies of the users.
Malicious applications seek to increase user trust through false reviews in the Google Play Store. (Bitdefender)
How to avoid being a victim of malicious applications
Applications of this type are not only after users' money from the beginning, but also all kinds of personal information that they can obtain from a device and that can be used for cybercriminals to obtain some financial gain as a result of extortion or violation. bank security.
That is why it is important to identify them so as not to download them even when it seems that they are reliable based on recommendations from others. During an exclusive interview with Infobae, David Agranovich, global director of Security Policy at Meta, shared three questions that Meta invites people to ask themselves every time they try to download an application:
– The first one is, what is the point of connecting to a social media account? Some, such as flashlights or information organizers, would not have to request this type of permit because they do not represent a necessity for their operation.
David Agranovich, director of Security Policy at Meta globally, shared three questions that Meta invites people to ask themselves every time they try to download an app. (Meta)
– What is your reputation? This is an important question, but one that needs to be addressed. Many malicious apps often have, as mentioned above, fake accounts with good reviews. However, the most important according to Agranovich are the negative ones.
– Is the app too good to be true? If the answer is yes, then most likely it is. If it promises a lot of benefits for free then you may have other intentions.