SharkBot Once Again Made An Appearance In Form of Fake Antivirus Apps


According to the most recent reports, the infamous Android banking malware SharkBot has resurfaced on the Google Play Store, disguised as fake antivirus and cleaner apps.

In a report, Fox-IT of NCC Group said:

“This new dropper doesn’t rely on Accessibility access to carry out the dropper SharkBot malware installation automatically. Instead, to keep safe from dangers, this new version asks the victim to install the malware as a phoney antivirus update.”

Unfortunately, the apps in question, which include Mister Phone Cleaner and Kylhavy Mobile Security, have amassed over 60,000 installations combined. They are aimed at users in Germany, the U.S., Austria, Poland, Spain, and Australia.

Mister Phone Cleaner (50,000+ downloads)

Kylhavy Mobile Security (10,000+ downloads)

According to sources, the droppers are meant to deliver SharkBot V2, a new version developed by Dutch security company ThreatFabric. It has a completely refactored codebase, a domain generation algorithm (DGA), and an upgraded command-and-control (C2) communication system. Its noteworthy information-stealing abilities include:

Inserting phoney overlays to collect bank account login information

Recording keystrokes

Using the Automated Transfer System (ATS) to conduct fraudulent financial transfers while intercepting SMS messages

According to researchers Mike Stokkel and Alberto Segura:

According to the newest campaigns, SharkBot’s developers appear to have been concentrating on the dropper up until this point in order to continue exploiting Google Play Store to disseminate their malware.

Malware is without a doubt a constant and evolving menace, and our app stores are not secure either. Therefore, use caution when downloading any such apps.
