A fake antivirus app and a cleaner app containing SharkBot malware are now available in the Google Play Store.
The malware reportedly steals users’ banking data. Mister Phone Cleaner and Kylhavy Mobile Security are two examples of dangerous apps. Unfortunately, over 60,000 people have already downloaded the apps. The malware targets users in Spain, Australia, Poland, Germany, the U.S., and Austria. The Fox-IT team at NCC Group discovered this new malware. In their opinion, these apps do not use Accessibility permissions to install the SharkBot dropper malware automatically, but instead ask the victim to install it as a fake antivirus update.
According to reports, Dutch security firm ThreatFabric has dubbed the new SharkBot version V2. In addition to the updated command-and-control mechanism (C2), the codebase for the carrier apps has been refactored and features a domain generation algorithm (DGA). The malware harvests bank account credentials by injecting fake overlays. Through the Automated Transfer System (ATS), it can intercept SMS messages, steal keystrokes, and conduct fraudulent fund transfers.
Newer versions of the malware will siphon cookies when victims log in to their bank accounts, and these versions will no longer be able to automatically reply to incoming messages with links to malware. In addition, the operators of this malware are constantly tweaking their techniques in order to bypass security and reach a user’s device.
What is SharkBot Malware?
SharkBot was discovered in 2018 as a banking trojan. Crypto apps were targeted by the malicious app, particularly exchanges and trading services. Using the stolen login information, hackers can access the victim’s account to conduct malicious activity. In the past few years, SharkBot has evolved into a more dangerous version that uses advanced techniques to bypass detection.