SharkBot Malware Targeting Crypto Software Resurfaces on Google App Store

05-Sep-2022 By: Divya Behl

A recently upgraded version of a malware targeting banking and crypto software has just resurfaced on the Google Play store, now with the ability to collect cookies from account logins and circumvent biometric or authentication requirements.

On September 2, malware analyst Alberto Segura and cyber intelligence analyst Mike Stokkel issued a warning regarding the latest version of the malware on their Twitter accounts, sharing their co-authored piece on the Fox IT blog.

According to Segura, “the latest version of the malware was detected on August 22 and is capable of performing overlay attacks, stealing data through keylogging, intercepting SMS messages, and granting threat actors complete remote control of the host device by exploiting Accessibility Services.”

The new malware variant was discovered in two Android apps, Mister Phone Cleaner and Kylhavy Mobile Security, which have received 50,000 and 10,000 downloads, respectively.

The two applications were initially allowed onto the Play Store because Google's automated code review did not discover any malicious code, but they have subsequently been withdrawn.

Some observers believe that customers who installed the applications are still vulnerable and should uninstall them manually.

An in-depth analysis by the Italian security firm Cleafy discovered that SharkBot had identified 22 targets, including five cryptocurrency exchanges and a number of foreign banks in the United States, United Kingdom, and Italy.

In terms of the malware's mechanism of attack, an earlier version of SharkBot depended on accessibility permissions to install the dropper SharkBot malware automatically.

This new version differs in that it asks the victim to install the malware, presenting it as a bogus update for the antivirus that is needed to remain protected from threats.

Once installed, SharkBot is able to steal a victim's legitimate session cookie through the command "logsCookie," thereby bypassing any fingerprinting or authentication techniques employed.

In October 2021, Cleafy made the initial discovery of the SharkBot malware. According to Cleafy's first analysis of SharkBot, the primary objective of SharkBot was to initiate financial transfers from the compromised devices using the Automatic Transfer Systems (ATS) approach while eluding multi-factor authentication systems.
