A new and upgraded version of the SharkBot malware has returned to Google’s Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations.
The malware was present in two Android apps that did not feature any malicious code when submitted to Google’s automatic review.
However, SharkBot is added in an update occurring after the user installs and launches the dropper apps.
While submitting the malware to Google’s automatic review, the malware was present in two Android apps. The two malicious apps are “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which has around 60,000 installations.
However, both apps are removed from Google Play Store, but users who already have those apps on their smartphones are at risk. So, if you have these apps on your smartphone, immediately remove them manually.
We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! Great work @Mike_stokkel! https://t.co/uXt7qgcCXb
— Alberto Segura (@alberto__segura) September 2, 2022
Last year, eight deceptive cryptocurrency apps were removed from the Play Store after they were discovered as crypto scam apps.
- BitFunds – Crypto Cloud Mining
- Bitcoin Miner – Cloud Mining
- Bitcoin (BTC) – Pool Mining Cloud Wallet
- Crypto Holic – Bitcoin Cloud Mining
- Daily Bitcoin Rewards – Cloud Based Mining System
- Bitcoin 2021
- MineBit Pro – Crypto Cloud Mining & BTC miner
- Ethereum (ETH) – Pool Mining Cloud.
What is Sharkbot?
First discovered in 2021, the SharkBot malware is a trojan horse malware, i.e. it disguises itself as a legitimate application or software which then allows the malware to infect a device. The malware was found to be targeting crypto apps, especially apps belonging to cryptocurrency exchanges and trading services.
The malware would be able to steal the password and other details when people would login to legitimate cryptocurrency and banking apps, allowing the hackers to withdraw or scam people of all their money. The malware would even manage to steal the two-factor authentication key on the apps it targeted and was found to have downloaded over 100,000 times. While the infected apps and software were banned by Google from its PlayStore, experts have noted that the instances of malware have once again increased.
How to protect yourself against it?
The best way to protect yourself from malware is to ensure that you are only downloading apps and software from trusted developers. While the SharkBot app could ‘steal’ a 2FA key when on your phone, it is still important to have two-factor authentication enabled as it makes the job harder for hackers. Keeping an eye on your financials. Noting any strange transactions and activity is one of the ways that you can become aware of having this malware on your phone.
Also, ensure that your devices are always running the latest software updates as these updates often contain security measures that help shore up previous vulnerabilities that hackers could have been using.
No responses yet