The SharkBot malware is back once again on Google Play Store, but this time with an upgraded version.
According to cybersecurity experts, the notorious virus has already infected some of the apps on the Android platform.
Users who have these applications should immediately remove them from their devices since they could steal their personal information without them knowing.
SharkBot Malware Infects Android Apps
(Photo : Pathum Danthanarayana from Unsplash)
According to the experts, the SharkBot dropper has already infected two Google Play Store apps.
Based on the latest report by Security Affairs, the Fox IT experts have discovered that a new variant of SharkBot dropper has been living in the Play Store for some time.
The dangerous banking trojan is reportedly seen on the Android store. Despite this, Google said that the two infected apps have no malicious code when they were subjected to automatic review.
The SharkBot malware pops out upon installation. When the user opens the particular application, the dropper will be started.
For those wondering about the identity of these apps, it's the "Kylhavy Mobile Security" and "Mister Phone Cleaner." If ever you encounter them on Google Play Store, avoid downloading them at all costs.
Although the apps are already removed from the digital store, people who have already installed them are still facing the risk of the virus. In this case, you need to manually delete them to avoid this problem.
Related Article: Google Play Store Confirms Banking Malware Sharkbot Has Been Removed | All Fake Antivirus Apps Deleted?
The Evolution of SharkBot
SharkBot is not an old virus that cybersecurity experts dealt with in the past. Italian online fraud prevention firm Cleafy was the first to discover this variant.
This year, the NCC Group spotted its presence on the Google Play apps. At that time, the analysts concluded that remote hackers could plant it through keylogging tactics, per Bleeping Computer.
Aside from that, the malware is versatile that can pull off remote control attacks thanks to the threat actors. All they need to do is to abuse the Accessibility Services.
Again, the Fox IT researchers saw the same virus on its revamped version. Last month, they noticed that SharkBot has evolved into a cookie-stealing malware so bank account logins are no longer safe from it.
Once a person inputs his bank information, the SharkBot will immediately steal a valid session cookie through the "logsCookie" command. Later, it will be sent to the C2.
The reason why hackers use this malware is that it can bypass security checks such as fingerprint scans and authentication codes.
Fox IT experts said that the SharkBot infection has been spreading in some parts of the United States, Spain, Germany, Austria, and Poland.
Now it has a new ability to steal cookies, the analysts predict that SharkBot will just continue to thrive and evolve for the next few years.
Read Also: Elon Musk's Crypto Interview Makes it to South Korean Government's YouTube After it Got Hacked
This article is owned by Tech Times
Written by Joseph Henry
