SharkBot Malware Appears in Google PlayStore: Here’s How It Targets Crypto Apps

Malware packaged as Mister Phone Cleaner and Kylhavy Mobile Security has appeared in the Google PlayStore. This malware affects banking and cryptocurrency-related applications. It is capable of stealing cookies from accounts while bypassing authentication methods that require user input, such as fingerprints.
The malware, called the SharkBot dropper, is used to infect users’ devices once it’s installed. Alberto Segura, a malware analyst, tweeted about this resurgence to alert Android users.
According to Segura, once installed, this malware overrides the “fingerprint login” dialogs, forcing users to enter a password and username. SharkBot malware is able to bypass two-factor authentication.
According to Google PlayStore public statistics, Mister Phone Cleaner has more than 50,000 downloads. The application is represented by a blue logo depicting a white-blue broom. Mister Phone Cleaner is available on the PlayStore in India; Kylhavy Mobile Security is not listed in India but is reported to have over 10,000 downloads.
Segura said in a blog post: “This new Sharkbot dropper asks the victim to install the malware as a fake antivirus update to stay protected from threats.”
Cleafy Labs, an online fraud management company, explained that the main purpose of the SharkBot malware is to initiate money transfers from compromised devices using an automated transfer system technique that bypasses multi-factor authentication mechanisms.
Several scammers try to exploit Android users because mobile apps are an easy way to take control of smartphones.
Recall that cryptocurrency mining malware disguised as a Google Translate application broke into thousands of computers. According to a study by Check Point Research (CPR), this malware, called “Nitrokod”, was developed by an entity based in Turkey as a desktop application for Google Translate.
Many Google users have downloaded this application to their computers because there is no official Google desktop application for Translate services. Once downloaded, the application sets up a complicated cryptocurrency mining operation on the infected devices.