These sneaky Android apps are stealing banking info — delete them now

A person trying to login into their bank account using their phone
(Image credit: Shutterstock)

Even though you’ve downloaded an app directly from the Google Play Store, it may not be safe, as cybercriminals are continuing to use the search giant’s official Android app store to distribute malware and steal banking info from unsuspecting users.

According to a new blog post from Bitdefender, the firm’s security researchers have used its real-time behavioral technology to discover four new malicious apps on the Play Store that act as malware droppers.

Like Apple, Google regularly scans new apps uploaded to its app store for malware and other viruses. However, malware dropper apps bypass these security checks as they don’t contain any malicious code when downloaded. Instead, they download their malicious payloads after being installed on a user’s device. 

Delete these Android apps now

Although all of the apps listed below have since been removed from the Play Store, they are still available on various third-party app stores which makes them a current threat. Likewise, if you have any of these apps installed on your Android devices, you will need to manually uninstall them.

  • X-File Manager - 10,000 downloads
  • FileVoyager - 5,000 downloads
  • Phone AID, Cleaner, Booster - 15,000+ downloads
  • LiteCleaner M - 1,000 downloads

Malware droppers posing as file managers

Green skull on smartphone screen.

(Image credit: Shutterstock)

The malware dropper apps discovered by Bitdefender are disguised as file managers which is why they request permission to install external packages after being installed on your phone. However, they actually abuse this permission by downloading malware onto a user’s Android smartphone or tablet.

Just like with other malicious apps we’ve highlighted in the past, X-File Manager and others on the list above use fake updates as a means of installing the SharkBot malware. This malware looks at all of your apps to see if you have banking apps from Barclays, Santander, HSBC and other popular financial institutions installed on your device. If so, SharkBot can steal your banking credentials and empty your accounts.

While these malicious file manager apps primarily targeted users in the UK, Italy, Iran, Germany and Algeria, people from other countries may have downloaded them from the Play Store or third-party app stores as well.

How to stay safe from malicious Android apps

Google Play on a Samsung Galaxy phone

(Image credit: Shutterstock)

When it comes to staying safe from malicious Android apps, you need to be extra careful when installing any new app on the best Android phones or best Android tablets. First, ask yourself if you really need the app and from there, you should take a close look at its rating on the Play Store as well as its reviews. Since reviews can be fake, you should also look for external reviews on other sites and video reviews are great since you can see the app in action.

You also want to make sure that Google Play Protect is enabled on all of your devices as it scans your apps for malware in the background. For added protection though, you can install one of the best Android antivirus apps too.

At the same time, you'll also want to avoid sideloading apps as they could contain malware and don’t go through the same rigorous security checks that Play Store apps subject themselves to. Official app stores are your best bet for finding new apps but even there, you need to be careful as malware droppers can easily slip past Google’s defenses.

As for file manager apps, most Android devices actually come with a built-in one so you don’t need to waste time trying to download one from the Play Store in the first place.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.