The malware can steal cookies from accounts. Also, while the user bypasses the authentication methods like fingerprint, it can steal. After the user installs and launches the dropper apps, the SharkBot malware is added. A malware analyst, Alberto Segura, posted a tweet about the malware to alert Android users.

SharkBot Malware Found On Play Store, Targets Crypto Apps

While submitting the malware to Google’s automatic review, the malware was present in two Android apps. The two malicious apps are “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which has around 60,000 installations. However, both apps are removed from Google Play Store, but users who already have those apps on their smartphones are at risk. So, if you have these apps on your smartphone, immediately remove them manually.

— Alberto Segura (@alberto__segura) September 2, 2022 Once the malware is installed on your device, it cancels the Log-in with fingerprint dialogs. So the users are forced to enter the password. The SharkBot malware can bypass two-factor authentication. In a blog post, Segura said, “This new Sharkbot dropper asks the victim to install the malware as a fake update for the antivirus to stay protected against threats”. The main goal of the malware was to transfer money from compromised devices via Automatic Transfer Systems (ATS). A technique bypassing multi-factor authentication mechanisms. It is explained by Cleafy Labs, an online fraud management company. They explained it when the malware was first identified. Scammers can easily take control of smartphones via mobile apps, so most of them target victims via apps. Last year, eight deceptive cryptocurrency apps were removed from the Play Store after they were discovered as crypto scam apps. Last year in October 2021, malware analysts at Cleafy discovered SharkBot. Then in March 2022, NCC Group found out the apps were infected on Google Play Store. In May 2022, the researchers at ThreatFabric spotted SharkBot 2. It came with a domain generation algorithm (DGA). On August 22, researchers at Fox-IT discovered a new version of malware 2.25 which added the capability to steal cookies.

Δ

SharkBot Malware Found On Play Store  Targets Crypto Apps - 54SharkBot Malware Found On Play Store  Targets Crypto Apps - 50SharkBot Malware Found On Play Store  Targets Crypto Apps - 34SharkBot Malware Found On Play Store  Targets Crypto Apps - 78