Android: Notorious malware that steals login info sneaks back on devices

As hard as the team at Google tries to protect users of its Android iOS, hackers are also working to find ways of sneaking malicious apps onto devices. The latest malware which made it past Google Play Store’s security checks is the Sharkbot which targets banking logins of Android users, according to Bleepingcomputer.com.

Sharkbot’s comeback

According to cybersecurity experts, a new and upgraded version of the Sharkbot malware was present in two Android apps successfully went through Google’s automatic review. The bug only gets on the device when users update them. According to Fox IT, a member of information assurance firm, NCC, the two malicious apps are, Mister Phone Cleaner and Kylhavy Mobile Security, which have collectively been installed 60,000 times.

The two apps have since been removed from Google Play Store, but users who have them installed on their devices could still be at risk. Delete them immediately if you have them installed on your phone. When NCC first spotted the evolved version of the malware in March 2022…

the malware could perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services.

What’s new?

Researchers at Fox IT discovered a new version of the malware (2.25) on August 22, which adds the capability to steal cookies from bank account logins. Additionally, the new dropper apps do not abuse the Accessibility Services as they did before, Fox IT said:

Abusing the accessibility permissions, the dropper was able to automatically click all the buttons shown in the UI to install Sharkbot. But this not the case in this new version of the dropper for Sharkbot

Read more:

⋙ Android users warned to check Wi-Fi settings to avoid serious privacy issue

⋙ Android users: Delete these 35 apps now to protect your financial information

⋙ Android users: Samsung wants to pay you to make a switch. Here’s how