Cybersecurity experts have found a new improved version of the SharkBot malware that has sneaked into some apps from the Google Play Store. This is designed to access banking logins on Android mobiles and has been introduced in updates to some applications that users already had installed.
According to a Fox IT publication, the applications with the malware are Mister Phone Cleaner and Kylhavy Movile Security. In total, both apps together have about 60,000 installations.
Google ensures that the applications are no longer available in its store, however, that does not prevent those who have it on their smartphones from experiencing problems. For that reason, those who installed them should delete them.
SharkBot malware was discovered in October 2021 by Cleafy malware analysts and the NCC group found evidence in March this year that it was present in some Google Play apps. Initially, this malware stole data through keylogging, intercepted SMS messages, and could access Accessibility Services to take remote control.
The new version, according to Fox IT experts, is capable of stealing cookies from bank account logins. Furthermore, it has been proven that this reinvented malware does not need to abuse Accessibility Services like before.
Instead of resorting to it, the cybersecurity company details that they make “a request to the C2 server to directly receive the Sharkbot APK file” without sending a download link along with the steps to install it. In this way, the user directly downloads the service and the application requests that they give it all the necessary permissions, among which are those that violate their privacy. The Fox IT investigation found that the countries in which the new version of Sharkbot had seen the most presence were Spain, Austria, Germany, Poland, Austria and the United States.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.