Dates back to April, security researchers found the SharkBotDropper trojan in several antivirus apps in the Google Play Store, including Antivirus and Super Cleaner. However, a new report by Fox-IT suggests that two new Android antivirus apps are infected with the SharkBot trojan. As per the report, Mister Phone Cleaner with 50,000+ downloads and Kylhavy Mobile Security with 10,000+ downloads are the latest apps that carry SharkBot trojan. This Android malware is designed to steal online banking credentials. The way SharkBot attacks the device is new, and it no longer needs the device’s accessibility permissions. Sharkbot is also selective with its victims. A report by Check Point Research indicated that “Sharkbot doesn’t target every potential victim it encounters, but only select ones, using the geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus.”
SharkBot trojan uses several methods to steal banking credentials
When it comes to snitching into online banking credentials, SharkBot trojan takes various approaches. First, it might launch a fake login page once the user opens the banking app. This page is very identical to the original banking page, but hackers control it. The second method is to log key presses and send them to an external server. The malware can also reply to the text message and spread itself through shareable links within the texts. Additionally, the SharkBot trojan can create a passway for hackers to sneak into the device and autofill transaction forms in the banking app. If you have installed Mister Phone Cleaner and Kylhavy Mobile Security apps, you need to uninstall them as fast as you can. Then, you should stop using banking apps until the threat is completely wiped out. The next thing you can do is to download only reputable and reliable antivirus apps. Stay away from unknown and infamous apps.
