Click to Skip Ad
Closing in...

These fake Android file manager apps steal banking logins

Updated 6 days ago
Published Nov 22nd, 2022 4:34PM EST
Google Pixel 7 Apps
Image: Christian de Looper for BGR

Android device owners beware — more malicious apps have been discovered on the Google Play store. Bitdefender’s cybersecurity team says several fake Android file manager apps are infecting Android devices with the SharkBot banking malware. These fake apps are no longer available on the store, but they might still be on your phone. Screenshots of the store pages show that thousands of Android users downloaded these malicious apps.

As Bleeping Computer explains, SharkBot malware tries to steal bank accounts by displaying fake login forms on top of legitimate login prompts found in banking apps. If you input your username and password into the fake form, it will be sent to a hacker, who can then use it to infiltrate your account and steal your money.

In September, we warned about SharkBot malware disguised as phone cleaning apps. Now, the threat actors appear to have moved on to file manager apps. One such app (which isn’t on Google Play anymore) was X-File Manager, with over 10,000 downloads.

X-File Manager installs malware on Android devices.
X-File Manager installs malware on Android devices. Image source: Bitdefender

Upon downloading the app, users shouldn’t be suspicious. The app does ask for a bunch of invasive permissions, including reading and writing external storage, installing and deleting packages, and accessing account details. But this is a file management app. It makes sense that it would need more permissions than an average productivity app.

Eventually, the app downloads the malicious payload and prompts the user to install an update. In reality, the user is installing the SharkBot malware.

According to Bitdefender, this campaign is specifically targeting users in Great Britain and Ireland. If the app detects a SIM card from those regions, it will download the malware. The banking apps targeted by the campaign include Barclays, Bank of Ireland Mobile Banking, Santander Mobile Banking, and HSBC UK Mobile Banking.

Other apps Bitdefender claims were infecting Android devices include “FileVoyager,” “Phone AID, Cleaner, Booster,” and “LiteCleaner M.” If you have any of these apps on your Android device, delete them as soon as you possibly can.


READ MORE: 4 dangerous Android malware apps discovered on Google Play

Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.