Crypto-app-targeting SharkBot malware resurfaces on Google App Store

An updated version of malware that targets banking and crypto apps has recently reappeared on the Google Play Store, now with the ability to steal cookies from account logins and bypass fingerprint or password authentication requirements.

Malware analyst Alberto Segura and intelligence analyst Mike Stokkel shared a warning about the new version of the malware on their Twitter accounts on September 2, along with their co-authored post on the Fox IT blog.

According to Segura, the new version of the malware was discovered on August 22 and can “perform overlay attacks, steal data via keylogging, intercept SMS messages, or give hackers complete remote control of the host device by abusing accessibility services.”

The new version of the malware was found in two Android apps: “Mister Phone Cleaner” and “Kylhavy Mobile Security”, which have since recorded 50,000 and 10,000 downloads respectively.

Both apps were initially able to make it onto the Play Store because Google’s automated code review found no malicious code, although they have since been removed from the store.

Some observers suggest that users who installed the apps may still be at risk and should remove the apps manually.

An in-depth analysis by Italian security firm Cleafy revealed that SharkBot had identified 22 targets, including five cryptocurrency exchanges and several international banks in the US, UK and Italy.

As for how the malware attacks, the previous version of SharkBot malware “relied on accessibility permissions to automatically install the SharkBot malware dropper.”

But this new version is different because “it asks the victim to install the malware as a fake update so that the antivirus remains protected against threats”.

Once installed, if a victim logs into their bank or crypto account, SharkBot can retrieve their valid session cookie via the “logsCookie” command, which essentially bypasses any identification or authentication method used.

The first version of the SharkBot malware was first discovered by Cleafy in October 2021.

According to Cleafy’s first analysis of SharkBot, the malware’s main objective was “to initiate money transfers from compromised devices via the technique of automatic transfer systems (ATS) by bypassing multi-factor authentication mechanisms”.
