A new and updated version of the SharkBot malware has returned to Google’s Play Store, targeting Android users’ banking logins via apps with tens of thousands of installations. When submitted to Google’s automatic review, the malware was found in two Android apps that did not contain any malicious code. SharkBot, on the other hand, is added in an update that takes place after the user installs and launches the dropper apps.
According to a blog post by Fox IT, a division of the NCC Group, the two malicious apps are “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which have 60,000 installations combined. Although the two apps have been removed from Google Play, users who have installed them are still at risk and will require to uninstall them manually.
SharkBot has advanced now
SharkBot was discovered in October 2021 by malware analysts at Cleafy, an Italian online fraud management and prevention company. NCC Group discovered the first apps carrying it on Google Play in March 2022.
At the time, the malware was capable of performing overlay attacks, stealing data through keylogging, intercepting SMS messages, and granting threat actors complete remote control of the host device by abusing the Accessibility Services.
ThreatFabric researchers discovered SharkBot 2 in May 2022, which included a domain generation algorithm (DGA), an updat
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: