A few months ago, it was revealed that a trojan disguised as an antivirus app was spreading through the Google Play Store. The malware appears to have evolved. The program now has the ability to steal user login cookies. The malware appears in apps that have been installed tens of thousands of times.
The Trojan is not detected by the Google Play Store because the malicious code is not present in the application, to begin with.
SharkBot is only downloaded with an update that is performed after the installation and the first launch of the app. Two compromised apps are “Mister Phone Cleaner” and “Kylhavy Mobile Security”. Both programs have more than 60,000 downloads together.
Although the two applications are noisy bleeding computer and have since been removed from the Google Play Store, all Android users who have already installed the app are at risk. The programs should not be started and uninstalled manually. SharkBot has long been able to manipulate Android’s accessibility features to perform arbitrary actions on the target device. Now the Trojan has been enhanced with a cookie stealing feature. Once the smartphone owner logs into their bank account, the session cookie is tapped and sent to a command and control server (C2).
Trojan can also perform wire transfers
In addition, SharkBot has the ability to completely take over a smartphone and control it remotely from the C2 server. In addition to login cookies, SMS can also be intercepted. With the stolen information it is possible to carry out banking transactions. In practice, however, this only happened in a few cases.
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.