Antivirus for Android spreads bank data stealing malware




Antivirus with Sharkbot malware has accumulated more than 60,000 installations from two applications available on the Google Play Store


Photo: Adrien / Unsplash / Canaltech

This Monday, the 5th, a new campaign involving the well-known Sharkbot malware once again used antivirus and utility apps as bait to infect Android smartphones. It again achieved considerable reach: the two apps used in this offensive accumulated more than 60,000 downloads through the Play Store before being removed by Google.

The malware was hiding in the apps Mister Phone Cleaner, which promised to protect the device and improve performance, and Kylhavy Mobile Security, which, as the name implies, focused on security. In both cases, the applications themselves did not contain malicious code; Sharkbot was delivered after installation, through a purported update to the app.

This is yet another way cybercriminals evade automatic detection by Google's security systems. It also helps that the malware does not try to abuse the operating system's Accessibility Services, a common technique in such campaigns that has also been receiving attention from the company. Instead, the update comes in the form of an APK containing the malware and relies on user interaction to install.



Two security-focused rogue apps were used in a new Sharkbot malware campaign on the Google Play Store;  they've gone offline, but whoever installed them remains at risk (Image: Reproduction/FoxIT)


Photo: Reproduction / FoxIT / Canaltech

Once this process is completed, the malware can intercept SMS messages, collect typed data and control the device remotely, in addition to stealing cookies that allow intrusion into user accounts. Whenever it detects an open session in a banking application or cryptocurrency wallet, that data is sent to a command-and-control server, through which criminals can later carry out fraud.

The new campaign was discovered by security researchers at Fox IT and demonstrates the continued development of Sharkbot in response to changes Google has implemented to make Android more secure. These include more visible warnings about the risk of granting access to Accessibility Services and greater scrutiny of apps published on the official store, both of which this new version of the malware is built to get around.

According to the report on the campaign, users in five countries are the targets: the United States, Spain, Germany, Poland and Austria. The main security recommendation is to pay attention when downloading apps, preferring those that come from certified developers and that have a good reputation, as well as a good number of downloads.

While the specific danger has passed with the removal of the software from the Play Store, users who downloaded the apps are still at risk and should delete them as soon as possible, and perform scans and security checks on the smartphone. Also, because this is an ongoing campaign, Sharkbot is likely to strike again, and the caution described above is the best path to protection.

Source: FoxIT
