
The Story of the App-Targeting SharkBot Malware and the Google Play Store


Warning Regarding the New Version

Since its first discovery in October of last year, the SharkBot malware family has developed new methods for breaking into Android-based bank and cryptocurrency apps used by consumers. Recently, this malware, which targets banking and cryptocurrency apps, reappeared on the Google Play market in an updated version that can now collect cookies from account logins and get past fingerprint or authentication constraints.

Citing their joint article on the Fox-IT blog, malware analyst Alberto Segura and threat intelligence analyst Mike Stokkel shared a warning about the new version of the malware on their Twitter accounts on Friday.

How does it Happen?

The new malware, which Segura says was found on August 22, can perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services, among other malicious activities. Two Android applications, Mister Phone Cleaner and Kylhavy Mobile Security, which have had 50,000 and 10,000 downloads, respectively, were revealed to contain the latest malware variant.

Although they have now been taken down from the market, the two applications were first accepted onto the Play Store because Google’s automatic code review did not find any dangerous code. According to some analysts, those who downloaded the applications may still be in danger and should manually uninstall them.

Five cryptocurrency exchanges and a number of foreign institutions in the US, the UK, and Italy were among SharkBot's 22 identified targets, according to a thorough study by the Italian security company Cleafy. As for its mechanism of attack, the previous SharkBot version depended on accessibility permissions to automatically complete the installation of the dropper SharkBot malware.

The most recent version, however, stands out because it asks the user to install the malware as a fake antivirus update in order to stay safe from threats. After being installed, SharkBot may use the command logsCookie to steal a victim’s legitimate session cookie whenever they log into their bank or cryptocurrency account, thereby bypassing any fingerprinting or authentication measures.
