Tue, 21-Oct-2025


SharkBot reappeared in form of fake antivirus apps


  • The notorious SharkBot banking malware has resurfaced on the Google Play Store, disguised as fake antivirus and cleaner apps.
  • The apps at issue, which include Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations combined.

According to the most recent reports, the notorious Android banking malware SharkBot has resurfaced on the Google Play Store, disguised as fake antivirus and cleaner apps.

In a report, Fox-IT of NCC Group said:

“This new dropper doesn’t rely on accessibility permissions to automatically perform the installation of the dropper Sharkbot malware. Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.”

The bad news is that the apps at issue, which include Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations combined.

Furthermore, the apps target users in Spain, Australia, Poland, Germany, the United States, and Austria.

  • Mister Phone Cleaner (more than 50,000 downloads)
  • Kylhavy Mobile Security (more than 10,000 downloads)

According to the reports, the droppers are designed to deliver a new version of SharkBot, dubbed V2 by Dutch security firm ThreatFabric.

The new version has a refactored codebase, an updated command-and-control (C2) communication system, and a domain generation algorithm (DGA).

Its other notable information-theft capabilities are:

  • Injecting bogus overlays to obtain bank account credentials
  • Logging keystrokes
  • Intercepting SMS messages and committing fraud via the Automated Transfer System (ATS)

Researchers Alberto Segura and Mike Stokkel stated:

“Until now, SharkBot’s developers seem to have been focusing on the dropper in order to keep using the Google Play Store to distribute their malware in the latest campaigns.”
