Están surgiendo poco a poco nuevas técnicas para ocultar código malicioso en las aplicaciones de Android y publicar apps aparentemente legítimas que luego resultan ser un caballo de Troya. Uno de los últimos casos trata sobre SharkBot, un malware capaz de robar solicitudes de inicio de sesión mediante una pantalla superpuesta.
This technique of stealing data is not new, what is new is the malware. To date, the malicious link used to be hidden in a suspicious message, now it is done through externally downloaded applications. I mean, even if the application is legitimate and downloaded from the Play Store, it then asks us to perform an update that is not downloaded from the Play Store, and this is how the malware is introduced.
This malware has mainly focused on banks in Spain, Germany, France, the United Kingdom and other European countries and hides under multiple types of applications.
It is always advisable to exercise extreme caution when installing applications from outside the Play Store and if they request updates, to install them from the Play Store.
Fountain: Engadget