The two apps that have been reportedly found to be infected with the Sharkbot banking trojan are:
- Mister Phone Cleaner (com.mbkristine8.cleanmaster, over 50,000 downloads)
- Kylhavy Mobile Security (com.kylhavy.antivirus, over 10,000 downloads)
As per the report , the apps are designed to target users in Spain, Australia, Poland, Germany, the US and Austria specifically. But whatever location you are based out of, downloading these apps endangers your banking security just the same.
“This new dropper doesn’t rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware,” says the report by Fox-IT . “Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.”
The new version of Sharbot masquerading as the above-mentioned apps is dubbed V2 by Dutch security firm ThreatFabric, “which features an updated command-and-control (C2) communication mechanism, a domain generation algorithm (DGA), and a fully refactored codebase.”
The new banking trojan has a version number 2.25 and was reportedly discovered by the researchers on August 22, 2022. This version comes with an upgrade that allows it to “siphon cookies when victims log in to their bank accounts, while also removing the ability to automatically reply to incoming messages with links to the malware for propagation.”
What other damage can the new Sharkbot version do?
The Sharbot trojan is designed to steal information and besides stealing cookies and evading the Accessibility permissions, it can inject fake overlays to harvest bank account credentials, log your keystrokes, intercept SMS messages and use its Automated Transfer System to siphon off funds from your bank accounr.