Buzz
Security researchers from Fox IT (Netherlands) recently discovered two apps containing the SharkBot malware.
The apps named 'Mister Phone Cleaner' and 'Kylhavy Mobile Security' were shared on the Google Play Store as system optimization and security apps. According to experts, these Android apps attracted over 60 thousand downloads before being removed from Google's app store.
When shared on the Google Play Store, these apps didn't include malicious code, thus bypassing Google's automated screening system. However, after installation, these apps silently perform an upgrade process to download and install malware onto the victim's device. To make detection even more challenging, SharkBot encrypts the app's source code using complex algorithms.
The SharkBot malware was discovered by the online security and anti-fraud company Cleafy on the Android platform in October 2021. The first app with the SharkBot malware was found on the Google Play app store in March 2022.
According to security experts, SharkBot malware can steal user-entered content on the keyboard, block SMS messages so hackers can read or remotely control the device. This allows hackers to steal money, personal information such as login credentials for bank accounts, social media accounts, etc., of the victim.
In late August 2022, security experts at Fox IT discovered an update to the SharkBot malware. This update includes a feature to steal cookies from bank accounts logged into the device and send them to the hacker's remote server, allowing hackers to infiltrate users' bank accounts.
According to Fox IT security experts, SharkBot malware targets users in Europe (Spain, Austria, Germany, Poland, Austria) and the United States. The perpetrator behind the spread of SharkBot malware has not yet been identified, but experts believe that hackers will continue to develop upgrades to bypass screening systems to steal information and users' bank accounts on Android devices.
According to security experts, although the apps have been removed from the Google Play Store, users who have installed these two apps are still at risk of being targeted by hackers and should immediately uninstall these apps from their devices.
