From bleepingcomputer.com
A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan.
The apps do not carry the malicious payload upon installation to evade detection when submitted on Google Play but instead fetch it later from a remote resource.
Because the trojan apps are file managers, it’s less likely to raise suspicions when requesting dangerous permissions for loading the Sharkbot malware.