Hi guys,

The following four apps contain Sharkbot and Vultur malware designed to steal online banking credentials. They are called dropper apps; when you first install them, they do not harm you, but the malware gets dropped onto the target device later.

As I described in a previous tip:

A dropper app is an app that gets published in the play store as a fully trusted app. They pass all of the security checks, and at a glance, they look legitimate. However, as soon as they get published, they immediately connect to their command and control server, where they download a malicious portion (a payload) that turns the app into malware.

With these four apps, once the dropper has completed, it gives remote operators the following functionality on a target device:

  • Fake banking login overlays
  • SMS interception for 2FA codes
  • Keylogging
  • Social media credential stealing
  • Remote screen streaming

You can read the full report from Threat Fabric by going HERE.

Please check your phone, and if you have these apps installed, remove them immediately and contact our team for assistance.

  • Codice Fiscale 2022
  • Recover Audio, Images & Videos
  • Zetter Authentication
  • My Finances Tracker’ – 1,000 downloads

I hope all is well with you and as always, let me know if you need anything.

All the best,

Max Roberts,
Incognito Privacy Care Team