{"id":35131,"date":"2022-09-05T03:40:52","date_gmt":"2022-09-05T07:40:52","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=35131"},"modified":"2022-09-05T03:40:54","modified_gmt":"2022-09-05T07:40:54","slug":"sharkbot-malware-reappears-on-google-play-store","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/sharkbot-malware-reappears-on-google-play-store\/","title":{"rendered":"SharkBot malware reappears on Google Play store"},"content":{"rendered":"\n
SharkBot malware which was found last October has continued to expand with new ways to hack Android crypto and bank apps.<\/h5>\n\n\n\n
\"SharkBot
SharkBot malware reappears on Google Play store<\/figcaption><\/figure>\n\n\n\n

Recently, a banking and cryptocurrency software that targets malware <\/a>reappeared on the Google Play store with an updated version that can now steal cookies from account logins and get through fingerprint or authentication constraints.<\/p>\n\n\n\n

On September 2, malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel tweeted a warning about the latest version of the malware on their Twitter accounts, linking to a report they co-authored for Fox IT.<\/p>\n\n\n\n

\n

We discovered a new version of #SharkbotDropper\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> in Google Play used to download and install #Sharkbot<\/use><\/svg><\/span><\/a>! The found droppers were used in a campaign targeting UK and IT! Great work @Mike_stokkel<\/use><\/svg><\/span><\/a>! https:\/\/t.co\/uXt7qgcCXb<\/use><\/svg><\/span><\/a><\/p>— Alberto Segura (@alberto__segura) September 2, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

The new malware<\/use><\/svg><\/span><\/a>, which Segura claims was found on August 22, has the ability to “perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services,” among other things.<\/p>\n\n\n\n

Two Android apps, “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which have subsequently had 50,000 and 10,000 downloads, respectively, were found to contain the latest malware version.<\/p>\n\n\n\n

As no dangerous code was found by Google's automated code review, the two apps were initially accepted into the Play Store<\/a>. It was later taken out of the shop, though.<\/p>\n\n\n\n

The 60,000 users who installed the apps, however, may still be at risk and should manually remove them, according to analysts.<\/p>\n\n\n\n

Five cryptocurrency exchanges and a number of foreign institutions in the US, UK, and Italy were among the 22 targets identified by SharkBot, according to an in-depth investigation by the Italian security company Leafy.<\/p>\n\n\n\n

The older SharkBot virus “relied on accessibility permissions to automatically complete the installation of the dropper SharkBot malware,” according to the malware's mode of attack.<\/p>\n\n\n\n

The latest version, however, is distinctive since it “asks the user to install the malware<\/a> as a phony update for the antivirus to keep protected against attacks.”<\/p>\n\n\n\n

If SharkBot is installed, it can use the command “logsCookie” to steal the victim's legitimate session cookie once they log into their bank or cryptocurrency account, effectively bypassing any fingerprinting or authentication measures.<\/p>\n\n\n\n

\n

This is interesting!
Sharkbot Android malware is cancelling the "Log in with your fingerprint" dialogs so that users are forced to enter the username and password
(according to @foxit<\/use><\/svg><\/span><\/a> blog post) pic.twitter.com\/fmEfM5h8Gu<\/use><\/svg><\/span><\/a><\/p>— \u0141ukasz (@maldr0id) September 3, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

Cleafy made the initial discovery of the SharkBot virus <\/a>in October 2021.<\/p>\n\n\n\n

SharkBot's primary objective, according to Cleafy's first investigation, was “to begin money transfers from the infected devices via Automatic Transfer Systems (ATS) approach evading multi-factor authentication measures.”<\/p>\n","protected":false},"excerpt":{"rendered":"

SharkBot malware which was found last October has continued to expand with new ways to hack Android crypto and bank apps. Recently, a banking and cryptocurrency software that targets malware reappeared on the Google Play store with an updated version that can now steal cookies from account logins and get through fingerprint or authentication constraints. […]<\/p>\n","protected":false},"author":38,"featured_media":35135,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[4231,11256],"class_list":["post-35131","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-malware","tag-sharkbot"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/09\/Google-Android.webp","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/35131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/38"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=35131"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/35131\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/35135"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=35131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=35131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=35131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}