"Malicious Malware SharkBot Returns to Google Play to Steal Users' Credentials"
SharkBot malware, which targets Android users' banking credentials via apps with tens of thousands of downloads, has returned to the Google Play Store. Two Android apps submitted to Google's automated review contained no dangerous code but included malware. However, Sharkbot is only included in an update that occurs after the user downloads and runs the dropper applications. According to a blog post by Fox IT, a division of the NCC Group, the two fraudulent applications are "Mister Phone Cleaner" and "Kylhavy Mobile Security," which have a total of 60,000 installs. Although Google Play has removed these two apps, anyone who downloaded them is still at risk and must uninstall them manually. SharkBot was discovered by malware researchers at the Italian online fraud management and prevention firm Cleafy in October 2021. In March 2022, NCC Group discovered the first apps that used it on Google Play. At the time, the malware was capable of overlay attacks, data theft via keylogging, SMS message interception, and total remote control of the host device via Accessibility Services. ThreatFabric researchers discovered SharkBot 2 in May 2022. It had a Domain Generation Algorithm (DGA), an improved communication protocol, and completely refactored code in this version. Fox IT malware researchers discovered a new version of the infection on August 22, including the ability to harvest cookies from bank account logins. Furthermore, unlike in the past, the new dropper applications do not make use of accessibility services. This article continues to discuss the history and latest activities of the SharkBot malware.