The so-called viruses Xenomorph or Sharkbot and Vulture They can create security breaches when installed on devices via apps and can give users’ bank account information to cybercriminals.

According to Bitdefender’s report, these platforms can download malware information “in chunks” after being installed on smartphones, meaning they are not detected by the Play Store or the phone’s system.

The emergence of file managers that cybercriminals choose to deploy malware is not a random decision. Because one of the indicators for identifying a malicious app is the number of permissions it requests, an administrator is more likely to request access to files than other types of apps, such as games or flashlights.

In this case, the malicious applications are “X-File Manager”, “FileVoyager”, “Phone AID, Cleaner, Booster” and “LiteCleanr M”, which use the similarity of reliability generated by positive reviews of up to five stars. From Play Store which they claim to be useful to other users which are actually fake accounts.

According to Bitdefender, these apps prompt the user to download an update as soon as it is installed on the device. However, this is not located on a Google server, but on another server, which allows the installation of malware that infects the device within minutes. Sharkbot is already on the smartphone and the victim does not notice it.

When the installation is complete, the application starts asking for more aspects of the phone, the most relevant being access to SMS. This is crucial for banking information theft, because with this permission, malware can bypass two-factor authentication in bank applications: it can read users’ verification codes, passwords, and cookies.

How to avoid falling victim to malicious apps

These types of apps aren’t just about keeping users out of their money, but about all kinds of personal information they can get from their device that can be used by cybercriminals for extortion or financial gain from a breach. bank. safety.

That’s why it’s important to identify them so that you don’t download them even when they appear to be trustworthy based on the recommendations of others. In an exclusive interview with Infobae, David Agranovich, Meta’s Global Director of Security Policy, shared three questions that Meta encourages people to ask themselves every time they try to download an app:

– The first is, what’s the point of linking to a social media account? Some of them, such as flashlights or information organizers, should not require this type of permission because they are not necessary for their work.

– What is your reputation? This is an important question, but one that needs to be looked at. Many malicious apps often have, as mentioned above, fake accounts with good reviews. However, according to Agranovich, the negative is the most important.

– Is the app too good to be true? If the answer is yes, then it most likely is. If it promises a lot of benefits for free, then it may have other intentions.

Continue reading: