SharkBot Malware has returned to Google Play Store and is targeting crypto apps to steal the user’s login details.
The malware can steal cookies from accounts. It can also steal login details while authentication methods such as fingerprint are bypassed.
After the user installs and launches the dropper apps, the SharkBot malware is added. A malware analyst, Alberto Segura, posted a tweet about the malware to alert Android users.
SharkBot Malware Found On Play Store, Targets Crypto Apps
The malware was present in two Android apps when they were submitted to Google’s automatic review. The two malicious apps are “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which have around 60,000 installations.
Both apps have been removed from the Google Play Store, but users who already have them on their smartphones are at risk. If you have these apps on your smartphone, remove them manually immediately.
We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! Great work @Mike_stokkel! https://t.co/uXt7qgcCXb
— Alberto Segura (@alberto__segura) September 2, 2022
Once the malware is installed on your device, it cancels the “Log-in with fingerprint” dialogs, so users are forced to enter the password. The SharkBot malware can also bypass two-factor authentication.
In a blog post, Segura said,
“This new Sharkbot dropper asks the victim to install the malware as a fake update for the antivirus to stay protected against threats”.
The main goal of the malware was to transfer money from compromised devices via Automatic Transfer Systems (ATS), a technique that bypasses multi-factor authentication mechanisms. Cleafy Labs, an online fraud management company, explained the technique when the malware was first identified.
Scammers can easily take control of smartphones via mobile apps, so most of them target victims via apps.
Last year, eight deceptive cryptocurrency apps were removed from the Play Store after they were discovered to be crypto scam apps:
- BitFunds – Crypto Cloud Mining
- Bitcoin Miner – Cloud Mining
- Bitcoin (BTC) – Pool Mining Cloud Wallet
- Crypto Holic – Bitcoin Cloud Mining
- Daily Bitcoin Rewards – Cloud Based Mining System
- Bitcoin 2021
- MineBit Pro – Crypto Cloud Mining & BTC miner
- Ethereum (ETH) – Pool Mining Cloud.
In October 2021, malware analysts at Cleafy discovered SharkBot. Then, in March 2022, NCC Group found that apps on the Google Play Store were infected.
In May 2022, the researchers at ThreatFabric spotted SharkBot 2. It came with a domain generation algorithm (DGA).
On August 22, researchers at Fox-IT discovered a new version of the malware, 2.25, which added the capability to steal cookies.