Monday, December 5, 2022
 

Upgraded SharkBot Crypto Malware Reappears on Google Play

  • An updated version of the SharkBot malware surfaces on the Google Play Store.
  • The malware targets cryptocurrency and banking applications.
  • Almost 60,000 Android users are estimated to be at risk.

A newly improved version of malware that targets banking and cryptocurrency applications is making the rounds on the Google Play store. It can steal cookies from account logins and bypass fingerprint or authentication requirements.

SharkBot, information-stealing Android malware that usually targets cryptocurrency and banking applications, was discovered a few months ago by security researchers, hiding in the Google Play store behind ostensibly legitimate anti-virus (AV) apps and other legitimate-looking mobile applications.

On September 2, malware analyst Alberto Segura and threat intelligence analyst Mike Stokkel warned about the latest version of the virus on their Twitter accounts, publishing their co-authored article on Fox IT’s blog.

Two popular Android apps, “Mister Phone Cleaner” and “Kylhavy Mobile Security,” were recently revealed to be infected with the new strain of malware. These apps have over 10,000 and 50,000 downloads.

Initially, Google’s automated code analysis did not detect any harmful code in the two apps, so they were accepted into the Play Store. Both applications have since been taken down.

Several observers have cautioned the 60,000 individuals who downloaded the apps that they may still be vulnerable and that they should uninstall the programs immediately.

Segura also warned that the malware can “perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services.”

Five cryptocurrency exchanges and several multinational banks in the United States, the United Kingdom, and Italy were among 22 targets identified via in-depth research conducted by Italian security firm Cleafy.

Experts believe that once SharkBot is installed, it can steal the victim’s legitimate session cookie with the command “logsCookie,” making fingerprint and other authentication measures useless.

Cleafy discovered the original variant of the SharkBot virus back in October of 2021.
