Two new Android malware apps with the ability to steal bank accounts have been detected

The antivirus programs Mister Phone Cleaner and Kylhavy Mobile Security have been downloaded a total of 60,000 times so far. Their goal is to steal bank account logins, which they do by installing a fuller version of the infamous SharkBot malware.

These two apps were able to be published on the Google Play Store because they did not contain any malicious code that would have caused Google to reject them. Mister Phone Cleaner and Kylhavy Mobile Security are droppers, utilities created to deliver malware to Android smartphones. After installation, they display a message telling the user to install an update package for more complete protection against threats, which is actually a method of installing SharkBot on the victim's phone.

Although these apps have now been removed from the Google Play Store, people who have already downloaded them should remove them as soon as possible; otherwise, their personal information and sensitive accounts, including their bank accounts, may be compromised.

SharkBot was first discovered in late 2021, and the first accompanying apps were spotted in the Google Play Store in March of this year. At the time, its modus operandi was to steal information through keylogging, intercept text messages, trick users into revealing sensitive information with screen overlay attacks, or give cybercriminals remote control of an infected device by abusing accessibility services.

An upgraded version called SharkBot 2 was spotted in May, and Fox-IT came across version 2.25 on August 22, an update that can steal cookies from users' logins to bank accounts. The newly discovered apps carrying SharkBot 2.25 don't abuse accessibility services and don't require direct response features, as these can make it harder to get approved for official release on Google Play.

The new SharkBot dropper instead contacts its command-and-control server to download the SharkBot APK file directly. After that, the dropper app notifies the user about the new update and asks them to install the APK and grant the necessary permissions.

SharkBot encrypts its hard-coded configuration to prevent automatic detection.

When a user logs in to their bank account, SharkBot uses its own logger to extract valid session cookies and send them to the command-and-control server. Cookies are valuable to threat actors because they help them bypass fingerprint checks and, in some cases, don't even require user authentication tokens.

SharkBot can steal data such as passwords and account balances from official banking applications. In some applications, however, fingerprint checks can prevent attackers from getting in.

SharkBot appears to be targeting users in Australia, Austria, Germany, Italy, Poland, Spain, the United Kingdom, and the United States.

The SharkBot developers are still working to improve the malware, and Fox-IT expects the team to launch more malware campaigns in the future.

To avoid falling into the trap of such programs, it is better not to download apps from unknown publishers, especially those that are not very popular among users.
