SharkBot malware sneaks back on Google Play to steal your logins
A new and upgraded version of the SharkBot malware has returned to Google's Play Store, targeting banking logins of Android users through apps that have tens of thousands of installations.
Malware analysts at Cleafy, an Italian online fraud management and prevention company, discovered SharkBot in October 2021.
Researchers at Fox IT discovered a new version of the malware on August 22, which adds the capability to steal cookies from bank account logins.
"Abusing the accessibility permissions, the dropper was able to automatically click all the buttons shown in the UI to install Sharkbot. But this is not the case in this new version of the dropper for Sharkbot," Fox IT says. "The dropper instead will make a request to the C2 server to directly receive the APK file of Sharkbot. It won't receive a download link alongside the steps to install the malware using the 'Automatic Transfer Systems' features, which it normally did."
During the investigation, Fox IT observed new SharkBot campaigns in Europe and the U.S. The researchers noticed that in these attacks the malware uses its keylogging feature and steals sensitive information straight from the official app it targets.
With an improved version of the malware available, Fox IT expects SharkBot campaigns to continue and the malware to keep evolving.