Tuesday 4 October 2022
Home / none / Crypto app targeting SharkBot malware resurfaces on Google app store

Crypto app targeting SharkBot malware resurfaces on Google app store

A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements.

A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Friday, sharing their co-authored article on the Fox IT blog.

According to Segura, the new version of the malware was discovered on Aug. 22 and can “perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services.”

The new malware version was found in two Android apps, Mister Phone Cleaner and Kylhavy Mobile Security, which have since amassed 50,000 and 10,000 downloads, respectively.

The two apps were able to initially make it to the Play Store as Google’s automated code review did not detect any malicious code, though it has since been removed from the store.

Some observers suggest that users who installed the apps may still be at risk and should remove the apps manually.

An in-depth analysis by Italian-based security firm Cleafy found that 22 targets had been identified by SharkBot, which included five cryptocurrency exchanges and a number of international banks in the United States, the United Kingdom and Italy.

As for the malware’s mode of attack, the earlier version of the SharkBot malware “relied on accessibility permissions to automatically perform the installation of the dropper SharkBot malware.”

But, this new version is different in that it “asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.”

Once installed, should a victim log into their bank or crypto account, SharkBot is able to snatch their valid session cookie via the command “logsCookie,” which essentially bypasses any fingerprinting or authentication methods used.

The first version of the SharkBot malware was first discovered by Cleafy in October 2021.

Related: Sneaky fake Google Translate app installs crypto miner on 112,000 PCs

According to Cleafy’s first analysis of SharkBot, the main goal of SharkBot was “to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms.”

Original Article

About Jude Savage

Check Also

Ethereum Merge spikes block creation with a faster average block time

The Merge upgrade for Ethereum (ETH), which primarily sought to transition the blockchain into a proof-of-stake (PoS) consensus mechanism, has been revealed to have a positive impact on the creation of new Ethereum blocks. The Merge was considered one of the most significant upgrades for Ethereum. As a result of the hype, numerous misconceptions around cheaper gas fees and faster transactions plagued the crypto ecosystem, which was debunked by Cointelegraph. However, some of the evident improvements experienced by the blockchain post-Merge include a steep increase in daily block creation and a substantial decrease in average block time. Ethereum blocks per day. Source: YChartsOn Sept. 15, Ethereum completed The Merge upgrade after successfully transitioning the network to PoS. On the same day, the number of blocks created daily (EBC) shot up by roughly 18% — from approximately 6,000 blocks to 7100 blocks per day. Ethereum average block time (EBT). Source: YChartsComplementing this move..

Leave a Reply

Your email address will not be published. Required fields are marked *