Banking and crypto-related apps are at risk of being infected by malware, which is masquerading as apps on Google Play — Mr. Phone Cleaner and Kylhavy Mobile Security. The malware is capable of stealing cookies from accounts and bypassing authentication methods that require user input, such as fingerprints. The malware known as Sharkbot Dropper is used to infect users’ devices once installed. Alberto Segura, a malware analyst, tweeted about the resurgence of the malicious software on Twitter to alert Android users.
Once installed, the malware spawns ‘log-in with your fingerprint’ dialogs that force users to enter passwords and usernames, according to Segura. SharkBot malware is able to bypass two-factor authentication.
According to public Google Play Store statistics, Mister Phone Cleaner app has more than 50,000 downloads. It is depicted with a blue logo depicting a white and blue broom. While the app is available on the Play Store in India, the Kylhavy Mobile Security app is not visible in India, but has over 10,000 downloads.
“This new Sharkbot dropper asks the victim to install the malware as a fake update for antivirus to stay protected from threats,” Segura said in a letter. Blog post,
The main objective of the Sharkbot malware was to “initiate money transfers from compromised devices through Automatic Transfer Systems (ATS) techniques, bypassing multi-factor authentication mechanisms”. Cleary LabsAn online fraud management firm explained when the malware was first identified.
Since mobile apps are an easy way to control smartphones, many scammers are using these apps to target victims.
In July, tech giants Apple and Google received letters from US lawmakers, asking for details of crypto-related apps available on the App Store and Play Store, respectively. In the letters, Senator Sherrod Brown, chairman of the Senate Banking Committee, asked companies to provide information on ways to combat potentially dangerous apps that fuel crypto scams.
“Cyber criminals steal company logos, names and other identifying information of crypto companies and then create fake mobile apps. It is imperative that app stores have appropriate security measures in place to prevent fraudulent mobile application activity,” Brown said wrote In Letters to Tech Giants.
Last year, Google Play removed eight fraudulent cryptocurrency apps after it was found to be crypto scam apps. These apps were BitFunds – Crypto Cloud Mining, Bitcoin Miner – Cloud Mining, Bitcoin (BTC) – Pool Mining Cloud Wallet, CryptoHolic – Bitcoin Cloud Mining, Daily Bitcoin Rewards – Cloud Based Mining System, Bitcoin 2021, MineBit ProCloud-Mining and BTC Miners, and Ethereum (ETH) – Pool Mining Cloud.
