Dangerous SharkBot malware has made a return to the Google Play Store in the form of fake antivirus apps and cleaner apps. The malware is reportedly stealing users' banking data. The apps in question include Mister Phone Cleaner and Kylhavy Mobile Security. And the bad news is the apps already have over 60,000 installations. Moreover, this malware is designed to target users in Spain, Australia, Poland, Germany, the U.S., and Austria. The new malware was found by NCC Group's Fox-IT. They said that these apps don't rely on Accessibility permissions to automatically perform the installation of the dropper SharkBot malware. Instead, they ask the victim to install the malware as a fake update for the antivirus apps.
The reports claim that the new version of SharkBot is dubbed V2 by Dutch security firm ThreatFabric. The carrier apps feature an updated command-and-control (C2) communication mechanism, a domain generation algorithm (DGA), and a fully refactored codebase. The malware injects fake overlays to harvest bank account credentials. It can also log keystrokes, intercept SMS messages and carry out fraudulent fund transfers using the Automated Transfer System (ATS).
Fox-IT said that the newer version introduces a function to siphon cookies when victims log in to their bank accounts, and removes the ability to automatically reply to incoming messages with links to the malware. Another scary thing about this malware is that the operators are actively tweaking their techniques to bypass security and make their way onto the user's device.
SharkBot is a banking trojan first discovered in 2018. The malicious app was targeting crypto apps, with a specific focus on exchanges and trading services.