SharkBot Malware has resurfaced as a fake antivirus and cleaner apps on Google Play Store. This malware has been reported for stealing banking-related data. The dangerous apps include Mister Phone Cleaner and Kylhavy Mobile Security. The news gets worse as there have been 60,000 installations of these apps. As per NCC Group’s Fox-IT, the malware targets users in countries including Spain, Australia, Poland, Germany, the US, and Austria. “These apps don’t even need Accessibility permission to automatically install the dropper SharkBot malware, instead, they just ask the victim to install the malware as a fake update for the antivirus apps”, they stated.
Fox-IT’s Alberto Segura said, “this new version asks the victims to install the malware as a fake update for the antivirus to stay protected against threats. We have found two SharkbotDopper apps active in Google Play Store, with 10K and 50K install each of them. The malware can reportedly steal logging keystrokes, intercept SMS messages and carry out fraudulent fund transfers using the Automated Transfer System (ATS).” On August 22, 2022, a new sample of Sharkbot version 2.25 has been detected by Fox-IT’s Threat Intelligence.
This new SharkBot version seeks the session cookies from the victims to log into their bank accounts. It is advised to uninstall these malware apps if downloaded, though Google has already banned these apps. In addition, users having downloaded this malware must look out for strange transactions in their bank accounts.
SharkBot Malware
Discovered in 2018, SharkBot is a banking trojan. This malware focuses on exchanges and trading services by targeting crypto apps. It seeks to access the victim’s login details, which enables hackers to use their account malignantly. SharkBot has now evolved and is more vicious in detecting its victims using advanced technologies.