
Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan
2022-09-05 07:10

The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps.

"This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report.

"Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats."

The droppers are designed to drop a new version of SharkBot, dubbed V2 by Dutch security firm ThreatFabric, which features an updated command-and-control communication mechanism, a domain generation algorithm, and a fully refactored codebase.

Malware remains an evolving and omnipresent threat. Despite continued efforts by Apple and Google, app stores can still be unknowingly abused to distribute it, with the developers of these apps trying every trick in the book to dodge security checks.

"Until now, SharkBot's developers seem to have been focusing on the dropper in order to keep using Google Play Store to distribute their malware in the latest campaigns," researchers Alberto Segura and Mike Stokkel said.


News URL

https://thehackernews.com/2022/09/fake-antivirus-and-cleaner-apps-caught.html

Related vendor

Last 12 months:

| Vendor | # Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| Android | 4 | 0 | 17 | 2 | 0 | 19 |