The SharkBot dropper is malware that infects user devices once it is installed. Alberto Segura, a malware analyst, has tweeted about the resurgence of this malicious software to alert Android users.
Disguised as the Mister Phone Cleaner and Kylhavy Mobile Security apps, the malware is making the rounds on the Google Play Store. It targets banking and crypto-related apps. It is capable of stealing cookies from accounts and of bypassing authentication methods that require user input, such as fingerprints.
According to Segura, once this malware is installed, it cancels the ‘log-in with fingerprint’ dialogs so that users are forced to enter the password and username. The SharkBot malware is capable of bypassing two-factor authentication.
According to public Google Play Store statistics, the Mister Phone Cleaner app has over 50,000 downloads. The app's logo is blue and shows a white and blue broom. While this app is available on the Play Store in India, the Kylhavy Mobile Security app does not show up in India, though it is reported to have more than 10,000 downloads.
Segura said in a blog post, “This new Sharkbot dropper asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.”
Cleafy Labs, an online fraud management company, has explained that the main goal of the SharkBot malware is to initiate money transfers from compromised devices via the Automatic Transfer System technique, bypassing multi-factor authentication mechanisms.
Several scammers have been trying to exploit Android users, since mobile apps are an easy way to take control of smartphones.
To recall, crypto mining malware disguised as a Google Translate app had been making its way onto thousands of computers. According to a study by Check Point Research (CPR), this malware, called “Nitrokod”, was developed by a Turkey-based entity as a desktop application for Google Translate.
Many Google users have downloaded this app on their PCs in the absence of an official Google desktop app for Translate services. Once the app is downloaded, it sets up an elaborate crypto mining operation on the infected devices.
