SharkBot Once Again Made An Appearence In Form of Fake Antivirus Apps

According to the latest reports, SharkBot, the notorious Android banking trojan has once again made an appearance on the Google Play Store by masquerading as fake antivirus apps and cleaner apps.

Beware! Fake Antivirus Apps & cleaner Apps Lead To Installation Of SharkBot Malware

NCC Group’s Fox-IT stated in a report:

“This new dropper doesn’t rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware. Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.”

The bad piece of information is that the apps in question include Mister Phone Cleaner and Kylhavy Mobile Security have over 60,000 installations between them. Moreover, they are designed to target users in Spain, Australia, Poland, Germany, the U.S, and Austria.

The reports claim that the droppers are designed to drop a new version of SharkBot which is dubbed V2 by Dutch security firm ThreatFabric. They feature an updated command-and-control (C2) communication mechanism, a domain generation algorithm (DGA), and a fully refactored codebase. Other notable information stealing capabilities worth mentioning here include:

• injecting fake overlays to harvest bank account credentials
• logging keystrokes
• intercepting SMS messages
• carrying out fraudulent fund transfers using the Automated Transfer System (ATS)

The researchers Alberto Segura and Mike Stokkel stated that:

“Until now, SharkBot’s developers seem to have been focusing on the dropper in order to keep using Google Play Store to distribute their malware in the latest campaigns.”

No doubt, malware poses an evolving and omnipresent threat. Our App stores are vulnerable too. So, beware, while downloading any such apps.

Also Read: Samsung One UI 4.1.1 Is Making Its Way To Older Devices – (phoneworld.com.pk)