These fraudulent antivirus apps for Android install a harmful banking malware

Researchers have cautioned that the SharkBotDropper malware, which was discovered in multiple antivirus applications in April, has invaded the Google Play Store once more.

The report claims that two more Android antivirus applications have been found to carry the malware. These were meant to steal online banking credentials. According to the experts, SharkBot’s comeback is the next move in the cat-and-mouse game between cyberattackers and Google. The malware no longer installs itself by abusing an Android device’s accessibility permissions, but rather through an update to the following fake apps:

  1. Mister Phone Cleaner (more than 50,000 downloads)
  2. Kylhavy Mobile Security (more than 10,000 downloads)

Android banking malware

If customers have one of these applications installed, SharkBot can compromise their private financial information in a variety of ways. When the legitimate banking app is opened, it may inject a false login page. If this occurs, users may encounter a screen that appears strange or varies somewhat from the typical interface. SharkBot is also known to intercept and conceal text messages, as well as log keystrokes and transfer them to an external server. It may also respond to incoming text and instant messages, distributing malware through a shortened URL. SharkBot’s most powerful way of compromising banking credentials is allowing attackers to remotely tap into a user’s device, autofill transaction forms inside banking apps, and initiate transfers.

It’s a small consolation that most of these features require banking applications to be granted access rights to function properly. Users should check whether these rights are enabled, and if they are, they should consider temporarily deleting their banking app. To guard against such cyberattacks, users should run frequent security scans with reliable antivirus apps for Android and allow them to delete any dangers they identify, such as SharkBot. If the device in question is part of a larger network, users should think about investing in endpoint security for their company. Those who have already been infected by the offending applications should delete them and refrain from using banking apps until the danger has been eliminated.
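One way to carry out the check described above, as an added example that is not part of the original article: it lists third-party apps that currently hold an enabled accessibility service, the kind of permission mentioned earlier in the article. The adb output samples and all package names are constructed placeholders; the two adb commands named in the comments are the assumed sources of the real data.

```python
"""List third-party Android apps that hold an enabled accessibility service."""

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.example.screenreader/.ReaderService:"
    "com.example.phonecleaner/com.example.phonecleaner.core.HelperService"
)
# Constructed sample of: adb shell pm list packages -3   (user-installed packages only)
SAMPLE_THIRD_PARTY = """package:com.example.phonecleaner
package:com.example.bank
"""


def parse_services(raw):
    """Return (package, service_class) pairs from the colon-separated setting."""
    raw = raw.strip()
    if raw in ("", "null"):  # the setting prints "null" when nothing is enabled
        return []
    pairs = []
    for component in raw.split(":"):
        package, _, cls = component.partition("/")
        if cls.startswith("."):  # shorthand: class name relative to the package
            cls = package + cls
        pairs.append((package, cls))
    return pairs


def parse_packages(raw):
    """Return the set of package names from 'pm list packages' output."""
    return {
        line.split(":", 1)[1].strip()
        for line in raw.splitlines()
        if line.startswith("package:")
    }


def third_party_accessibility(services_raw, packages_raw):
    """Keep only accessibility services that belong to user-installed apps."""
    third_party = parse_packages(packages_raw)
    return [(p, c) for p, c in parse_services(services_raw) if p in third_party]


if __name__ == "__main__":
    for pkg, cls in third_party_accessibility(SAMPLE_SERVICES, SAMPLE_THIRD_PARTY):
        print(f"review: {pkg} has accessibility service {cls} enabled")
```

Any entry it reports is an app the user installed that can read the screen and act on the user's behalf, so each one should be something the user recognises and deliberately enabled.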

SharkBot’s Development

SharkBot’s design elements may indicate a shift in certain cyberattackers’ strategies, from infecting as many devices as possible to targeting devices in specific locations as part of geopolitical operations. The SharkBot campaign mostly targeted the United Kingdom and Italy in April, but Fox-IT discovered in late August that SharkBot’s command-and-control servers are now targeting Spain, Australia, Poland, Germany, Austria, and the United States as well.

Check Point Research stated that SharkBot does not target every prospective victim it sees. It selects only some, employing its geofencing functionality to detect and ignore users from China, India, Romania, Russia, Ukraine, or Belarus. Malware assaults may be frightening, especially when the intentions are unknown. That’s why it’s critical to have malware removal solutions on hand, capable of detecting and preventing threats in real time, so users never have to worry about a malicious assault again.