According to the most recent reports, the notorious Android banking malware known as SharkBot has once again been spotted on the Google Play Store, this time disguised as a fake antivirus app and a cleaner app.
“The newly developed dropper does not rely on Accessibility permissions in order to automatically carry out the installation of the dropper SharkBot malware. Instead, this new version prompts the user to download and install the malicious software by pretending to be an update to their antivirus programme. This is done in the name of ‘staying safe against dangers.’”
SharkBot Once Again Made An Appearance In The Form Of A Fake Antivirus
Unfortunately, the apps in question, which include Kylhavy Mobile Security and Mister Phone Cleaner, have a combined total of more than 60,000 installations. They are targeted at users in countries such as Spain, Australia, Poland, Germany, the United States, and Austria.
- Mister Phone Cleaner (50,000+ downloads)
- Kylhavy Mobile Security (10,000+ downloads)
The droppers were reportedly created to deliver a new variant of SharkBot, which the Dutch security firm ThreatFabric has designated V2. The new variant comes with a modernised command-and-control (C2) communication mechanism, a domain generation algorithm (DGA), and a completely refactored codebase. Other notable information-stealing capabilities include the following:
- inserting bogus overlays in order to steal login information for bank accounts
- snooping on mobile phone text messages
- using the Automated Transfer System (ATS) to carry out fraudulent fund transfers
“Up until this point, the developers of SharkBot appear to have been concentrating on the dropper in order to continue exploiting Google Play Store to disseminate their malware in the most recent campaigns,” the report said.
Malware is without a doubt a menace that is always changing and always present. Official app stores are susceptible to attack as well, so be wary before downloading any app of this kind.