Sharkbot Malware Swims Again To Google Play To Chunk New Victims, Delete These Apps Now

A nasty little bit of Android malware beforehand lurking on the Google Play Retailer has returned with extra capabilities. Often called SharkBot, the malware is designed to steal consumer login credentials, notably credentials used to entry monetary functions. The malware has additionally been discovered to provoke cash transfers instantly on compromised gadgets.

SharkBot abuses accessibility permissions in a number of methods to conduct its malicious endeavor. The malware can steal consumer credentials by logging textual content entered into login fields. Within the case {that a} consumer’s account is protected by SMS two-factor authentication (2FA), SharkBot can bypass this safety by studying SMS messages to steal authentication codes. The malware can be able to overlaying faux login screens instantly over focused monetary apps. The faux login screens seem legit however truly steal entered consumer credentials. Moreover, risk actors can use SharkBot to remotely management contaminated gadgets. All of those capabilities are scary sufficient, however a brand new model of SharkBot has entered the wild with the additional capability to steal consumer session cookies.

Risk actors distribute the malware by submitting apps to the Google Play Retailer that come packaged with a malware dropper utility. As soon as an unsuspecting consumer installs one in all these apps, the dropper reaches out to a command-and-control (C2) server and downloads the complete SharkBot malware payload. Earlier variations of the SharkBotDropper abused accessibility companies to routinely set up the malware payload. Nevertheless, researchers at Fox IT just lately discovered a brand new model of the dropper that prompts customers to put in the malware themselves, falsely informing customers that the APK file comprises an app replace.

The researchers discovered two apps on the Google Play Retailer that include this up to date malware dropper: Mister Cellphone Cleaner and Kylhavy Cell Safety. Between them, the 2 apps have a complete of 60,000 downloads. As of the time of writing, Google seems to have eliminated the Kylhavy Cell Safety app from the Play Retailer however hasn’t but delisted Mister Cellphone Cleaner. Hopefully, Google will take away the latter app shortly, however eradicating an app from the Play Retailer gained’t take away it from affected customers’ gadgets. These with these malicious apps already put in on their gadgets might want to manually take away the apps themselves.