SharkBot Malware Appears On Google PlayStore: Here’s How It Targets Crypto Apps

Malware hidden inside the Mister Phone Cleaner and Kylhavy Mobile Security apps is circulating on the Google PlayStore. It targets banking and crypto-related applications, and it is capable of stealing cookies from accounts and bypassing authentication methods that require user input, such as fingerprints.

The malware, called the SharkBot dropper, is used to infect users’ devices once it is installed. Alberto Segura, a malware analyst, tweeted about the malware’s resurgence to alert Android users.

According to Segura, once this malware is installed, it overrides “fingerprint login” dialogs so that users are forced to enter their username and password. SharkBot malware is also able to bypass two-factor authentication.


According to public Google PlayStore statistics, the Mister Phone Cleaner app has more than 50,000 downloads. The app is represented by a blue logo showing a white and blue broom. This app is available on the PlayStore in India. The Kylhavy Mobile Security app does not appear in India, but it is reported to have over 10,000 downloads.

Segura said in a blog post, “This new Sharkbot dropper asks the victim to install the malware as a fake update to keep the antivirus safe from threats.”

Cleafy Labs, an online fraud management company, explained that the main objective of the SharkBot malware is to initiate money transfers from compromised devices using the Automatic Transfer System (ATS) technique, which bypasses multi-factor authentication mechanisms.

Several scammers have attempted to exploit Android users since mobile apps are an easy way to take control of smartphones.

As a reminder, crypto mining malware disguised as a Google Translate application previously made its way onto thousands of computers. According to a study by Check Point Research (CPR), this malware, called “Nitrokod”, was developed by an entity based in Turkey as a desktop application for Google Translate.

Many Google users downloaded this application on their PCs in the absence of an official Google desktop application for Translate services. Once the application is downloaded, it sets up an elaborate crypto mining operation on the infected devices.
