SharkBot Android Banking Trojan Discovered Using Fake Antivirus and Cleaner Apps
Cybersecurity researchers have discovered the SharkBot Android banking trojan using fake antivirus and cleaner apps on the Google Play Store.

Previously, the dropper for the SharkBot malware relied on a web browser's permissions. The new version no longer asks the victim for such permissions; instead, it installs the malicious antivirus software as an update, according to a report from NCC Group's Fox-IT.

The apps, Mister Phone Cleaner and Kylhavy Mobile Security, are billed as tools that clear junk from a smartphone, freeing up space on the phone and improving security. They have over 60,000 installations between them and are used in countries all over the world, including Spain, Australia, Poland, Germany, and Austria.

A new version of the SharkBot Android banking trojan, codenamed V2, is delivered through the droppers and features an updated C2 message, a domain generation algorithm (DGA), and refactored code.

The operators of the SharkBot Android banking trojan purposely avoid relying on app permissions to install it. They are constantly tweaking their techniques to avoid detection.

Fox-IT said a new version, 2.25, will be released on August 22, 2022, that introduces the ability to siphon cookies from bank accounts and remove automatic links used to spread malware.

The malware possesses additional information-stealing capabilities, such as injecting fake overlays to harvest bank account credentials, logging keystrokes, intercepting SMS messages, and carrying out fraudulent fund transfers using the Automated Transfer System (ATS).

Apple’s app store continues to try every trick in the book to avoid being hacked. Google attempts to thwart malware, but there are always new threats out there.

According to researchers Alberto Segura and Mike Stokkel, “Until now, SharkBot’s developers seem to have been focusing on the dropper in order to keep using Google Play Store to distribute their malware in the latest campaigns.”
