SharkBot Malware Targeting Banking, Crypto Apps Resurfaces on Google Play Store: All Details

Once installed, the malware cancels ‘log-in with your fingerprint’ prompts forcing users to enter their password and username.

SharkBot Malware Targeting Banking, Crypto Apps Resurfaces on Google Play Store: All Details

Photo Credit: Reuters

Crypto scammers have been choosing mobile apps as a way to enter phones and laptops

Highlights
  • Google has not yet commented on the matter
  • Mister Mobile Cleaner app shows on Play Store in India
  • Kylhavy Mobile Security does not show on Play Store in India
Advertisement

Banking and crypto-related apps are at risk of being infected by a malware, that is making the round on Google Play wrapped as apps — Mister Phone Cleaner and Kylhavy Mobile Security. The malware is capable of stealing cookies from accounts and while bypassing authentication methods that require user input, such as fingerprints. The malware, known as the SharkBot dropper is used to infect users' devices once it is installed. Alberto Segura, a malware analyst tweeted about this resurgence of the malicious software on Twitter to alert Android users.

Once installed, the malware cancels the ‘log-in with your fingerprint' dialogs so that the users are forced to enter the password and username, according to Segura. The SharkBot malware is capable of bypassing two-factor authentication.

As per public Google Play store statistics, the Mister Phone Cleaner app has over 50,000 downloads. It is depicted by a blue logo showing a white and blue broom. While this app is available on the Play Store in India, the Kylhavy Mobile Security app does not show up in India, but it reportedly has over 10,000 downloads.

“This new Sharkbot dropper asks the victim to install the malware as a fake update for the antivirus to stay protected against threats,” Segura said in a blog post.

The main goal of the SharkBot malware was “to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms,” Cleafy Labs, an online fraud management firm had explained when the malware was first identifed.

Since mobile apps are an easy way to take control of smartphones, several scammers have been exploiting these apps to target victims.

Back in July, tech giants Apple and Google received letters from US lawmakers, asking for details on crypto-related apps that are available on the App Store and Play Store respectively. In these letters, Senator Sherrod Brown, the chair of the Senate Banking Committee also asked the companies to provide information on the ways they tackle potentially dangerous apps that may be promoting crypto scams.

Cyber criminals have stolen company logos, names, and other identifying information of crypto firms and then created fake mobile apps. It is imperative that app stores have the proper safeguards in place to prevent against fraudulent mobile application activity,” Brown wrote in his letters to the tech giants.

Last year, Google Play removed eight deceptive cryptocurrency apps after they were discovered to be crypto scam apps. These apps were BitFunds – Crypto Cloud Mining, Bitcoin Miner – Cloud Mining, Bitcoin (BTC) – Pool Mining Cloud Wallet, Crypto Holic – Bitcoin Cloud Mining, Daily Bitcoin Rewards – Cloud Based Mining System, Bitcoin 2021, MineBit Pro - Crypto Cloud Mining & BTC miner, and Ethereum (ETH) - Pool Mining Cloud.


With the next Apple event due very soon, we dive into all the leaks and rumours surrounding iPhone 14 on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Radhika Parashar
Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More
Redmi G Pro Ryzen Edition Gaming Laptop Launch Set for September 7, Nvidia GeForce RTX 3060 GPU Teased
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »