SharkBot malware targeting crypto applications has reappeared on the Google app store
The SharkBot malware family was first discovered in October last year and continues to evolve with new ways to hack Android users’ banking and crypto apps.
A newly updated version of the malware, which targets banking and crypto apps, has recently resurfaced on the Google Play store. It can now steal login cookies and bypass fingerprint or authentication requirements.
The warning about the new version of the malware was shared on September 2 by malware researcher Alberto Segura and intelligence analyst Mike Stokkel on their Twitter accounts and in an article on the Fox-IT blog.
According to Segura, the new version of the malware was discovered on Aug. 22 and can “perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services.”
The new version of the malware was detected in two Android apps, “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which have since amassed 50,000 and 10,000 downloads respectively.
Both apps first made it onto the Play Store because Google’s automated code review did not detect any malicious code, but they were later removed from the store.
Some observers suggest that users who have installed the apps may still be at risk and should remove them manually. An in-depth analysis by Italian security firm Cleafy found 22 targets for SharkBot, including five crypto exchanges and several international banks in the US, UK and Italy.
As for the malware’s attack method, the earlier version of the SharkBot malware “relied on accessibility permissions to automatically install the dropper SharkBot malware.”
The new version is different: it “asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.”
Once it is installed, if the victim logs in to their bank or crypto account, SharkBot can capture their valid session cookie with the “logs cookies” command, which essentially bypasses any fingerprint or authentication checks.
The first version of SharkBot was discovered by Cleafy in October 2021.
According to Cleafy’s first analysis of SharkBot, the main goal of SharkBot was “to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms.”