Attackers distributed two seemingly harmless apps via Google Play that steal online banking data from Android devices. You should do that right now.
New Android malware steals online banking data.
Security experts have discovered a new variant of the well-known banking Trojan Sharkbot on Google Play. This is reported by the IT news site Bleepingcomputer, which specializes in security issues.
This is how Sharkbot smuggles itself onto the smartphone
Sharkbot hides in two harmless-looking Android apps that have been made available for download on Google Play. According to the security researchers, the infected apps were downloaded around 60,000 times. The attackers managed to smuggle these two apps into Google Play because the apps’ code did not contain any malicious code when submitted to Google Play. Thus, the automatic review by Google could not find any defects. But once users have installed the seemingly harmless apps and started them for the first time, they launch an update that reloads and installs the Sharkbot components.
The two apps Sharkbot downloads are called “Mister Phone Cleaner” and “Kylhavy Mobile Security”. Google has already removed both apps from the Play Store, but anyone who has already installed the apps or one of them should uninstall them immediately.
This damage is dealt by Sharkbot
This Sharkbot upgrade steals online banking login credentials on Android devices. To do this, this Sharkbot variant can steal cookies associated with online banking accounts.
The security experts discovered this new Sharkbot variant on August 22, 2022 and gave it the version designation 2.25. This new version also uses a different technique to spread. The security researchers found that Sharkbot is currently being used for attacks in Spain, Austria, Germany, Poland, Australia and the USA.
Other, older variants of Sharkbot can also intercept SMS and read all keystrokes as a keylogger and overlay other apps. Likewise, attackers can gain full control over an Android system. The new Sharkbot version also offers these attack techniques.
How to protect yourself
If you have already installed “Mister Phone Cleaner” and/or “Kylhavy Mobile Security”, then remove these apps immediately and scan your Android device with an up-to-date Android virus scanner. To be on the safe side, also inform your bank.
Review: Best antivirus programs 2022 for Android
Before installing an app from Google Play, always read reviews from other users. Check if the rights the app is requesting fit the purpose of the app. Be suspicious if an update for a recent app is offered immediately after installing it.
Android: The 10 most common banking Trojans