When you install an app from the Google Play Store, you can be sure that you are getting it from the safest source. But as we have seen so many times in the past, this does not guarantee that these apps are safe to use.
As reported on the Fox-IT blog, two apps (which have since been removed from the Play Store) managed to pass the usual malware checks and on tens of thousands of Android phones.
The hackers cleverly thwarted Google’s automatic checks by submitting harmless-looking apps that contained no malicious code. It was only when users first launched these apps that they requested an “update” which, if the user approves the request, downloads the Sharkbot malware.
This is particularly nasty because it specifically targets your banking password. According to the blog, the apps use a new version of Sharkbot (previously seen in March 2022) that uses the traditional “keylogging” technique to capture your banking password as you type it. But it is also designed to save your bank balance from the app and send it to hackers along with all the login details they managed to steal.
The two infected apps are ‘Mr Phone Cleaner‘ which had been installed by at least 50,000 people, and Kylhavy Mobile Security – a fake antivirus application.
Both trick users into installing the malware by claiming that they need to update. This means that they don’t need to ask for questionable permissions when they first install and, of course, allows them to pass Google Play Store verifications without any problems.
Google was quick to remove the apps, but if you have one or both on your phone, deleting them is crucial.
You should also run an antivirus scan using a genuine antivirus application such as Norton Mobile Security or Bitdefender Mobile Security.
Fox-IT researchers were able to examine the code and find that this latest version of Sharkbot targets many more countries than it did in March:
- UNITED STATES
They also say the malware targets certain apps and tries to block it from allowing the user to log in with their fingerprint and instead display a username and password form. If he didn’t, he couldn’t steal the login credentials.
The message also states that he expects more “campaigns” this year, which means more “cleaner” fake antivirus and Android apps appear on the Play Store and use the exact same strategy to stay undetected. .
So be on the lookout. Just because Mister Phone Cleaner and Kylhavy Mobile Security have been removed, there are probably many more waiting to be approved in Google Play.
Of course, Sharkbot is far from the first malware to attack your bank details: EventBot did something similar in 2020.
If you are looking for an antivirus app or an app to clean junk files and free up memory on your phone, make sure to install the genuine item. Beware of new apps with five-star user reviews; these are often fakes.
You can find our recommendations for the best Android antivirus.