These five Android apps are trying to steal your bank account

Two dangerous viruses have recently been found in the Play Store. Hidden in the code of five Android apps, they aim to siphon the bank accounts of their victims. Find out the list of French banks targeted by hackers.

ThreatFabric researchers discovered the presence two malware in the Play Store, Google’s application store. In its report, the Dutch company first mentioned the case of SharkBot, a Trojan designed to steal the banking details of its victims. As ThreatFabric explains, this isn’t the first time SharkBot has made a noticeable appearance on the Play Store.

Also read: Uninstall these 16 Android applications, they destroy the autonomy of your smartphone

How Viruses Trick Android Users

As part of this campaign, hackers went above and beyond to trick Google, the report points out. Indeed they succeeded avoid group security systems with ” drop (or dropper), a computer tool that disguises malicious code. During verification, the application is seen as legitimate and harmless in the eyes of Google. The malicious payload is deployed after installation.

To convince the victim to install the payload, a fake Play Store page is superimposed on the screen. It prompts the userinstall an app update he just downloaded it. This update contains a payload intended to capture bank details.

Since victims are sure of the application’s origin, they are likely to install and run the payload “said ThreatFabric.

Computer security experts have also seen the presence of malware VULTURES on the platform. Again, this is a Trojan capable of collecting banking data from Android users. Mirroring SharkBot, Vultur embeds droppers to avoid Google.

Once installed, viruses multiply strategies for obtaining sensitive data, including bank details and passwords. For example they are able to record the words typed on the virtual keyboard, to display a superimposed window, to collect the telephone directory or to intercept all SMS received. This technique makes it possible to retrieve the verification codes sent by an application.

More than 200 Android apps are targeted

Both are targets of malware more than 231 apps. Most of the targeted apps are related to banks or financial services. These include online services such as N26, PayPal, Aion Bank, Bunq, and Revolut. French banks are also targeted:

  • ING France
  • Credit Mutuel de Bretagne
  • BNP Paribas
  • Boursorama
  • CIC
  • Mutual credit
  • Orange Bank
  • Hello bank! through BNP Paribas
  • Agricultural credit
  • LCL
  • HSBC France
  • My French Bank
  • Societe Generale

Note that viruses are also designed to steal cryptocurrencies owned by their victims. SharkBot and Vultur target many applications for crypto-assets, such as exchange platforms (Binance,, Bitfinex, Bitpanda, Bittrex, Bybit, Coinbase, eToro, Gemini, Kraken…) and wallets digital (MetaMask, BlueWallet, etc.). The malware then collects credentials (passwords and usernames) or private keys.

Users living in France, Italy, the United Kingdom, Germany, Spain, Poland, Austria, the United States, Australia or the Netherlands are in the crosshairs of cybercriminals.

Five Android applications to uninstall immediately

The two viruses were able to hide the code of five Android apps. Generally, these infected applications are accumulated more than 130,000 installs through the store.

Alerted by ThreatFabric, Google removed the apps from the Play Store. If you have installed these apps on your smartphone or tablet, we advise you to delete them immediately:

  • Tax Code 2022
  • File Manager Small, Lite
  • My Finance Tracker
  • Recover Audio, Images and Videos
  • Zetter Authenticator

After uninstalling, take some time to change all your passwords. We also recommend that you monitor any suspicious transactions in your bank account. Also, make sure your cryptocurrency is always stored in your digital wallet or exchange of choice. Finally, do not hesitate to install a good antivirus for Android to protect yourself from hackers.



Leave a Reply

Your email address will not be published. Required fields are marked *