Banking and crypto-related apps are at risk of being infected by a malware, that is making the round on Google Play wrapped as apps — Mister Phone Cleaner and Kylhavy Mobile Security. The malware is capable of stealing cookies from accounts and while bypassing authentication methods that require user input, such as fingerprints. The malware, known as the SharkBot dropper is used to infect users’ devices once it is installed. Alberto Segura, a malware analyst tweeted about this resurgence of the malicious software on Twitter to alert Android users.
Once installed, the malware cancels the ‘log-in with your fingerprint’ dialogs so that the users are forced to enter the password and username, according to Segura. The SharkBot malware is capable of bypassing two-factor authentication.
As per public Google Play store statistics, the Mister Phone Cleaner app has over 50,000 downloads. It is depicted by a blue logo showing a white and blue broom. While this app is available on the Play Store in India, the Kylhavy Mobile Security app does not show up in India, but it reportedly has over 10,000 downloads.
“This new Sharkbot dropper asks the victim to install the malware as a fake update for the antivirus to stay protected against threats,” Segura said in a blog post.
The main goal of the SharkBot malware was “to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms,” Cleafy Labs, an online fraud management firm had explained when the malware was first identifed.
Since mobile apps are an easy way to take control of smartphones, several scammers have been exploiting these apps to target victims.
Back in July, tech giants Apple and Google received letters from US lawmakers, asking for details on crypto-related apps that are available on the App Store and Play Store respectively. In these letters, Senator Sherrod Brown, the chair of the Senate Banking Committee also asked the companies to provide information on the ways they tackle potentially dangerous apps that may be promoting crypto scams.
“Cyber criminals have stolen company logos, names, and other identifying information of crypto firms and then created fake mobile apps. It is imperative that app stores have the proper safeguards in place to prevent against fraudulent mobile application activity,” Brown wrote in his letters to the tech giants.
Last year, Google Play removed eight deceptive cryptocurrency apps after they were discovered to be crypto scam apps. These apps were BitFunds – Crypto Cloud Mining, Bitcoin Miner – Cloud Mining, Bitcoin (BTC) – Pool Mining Cloud Wallet, Crypto Holic – Bitcoin Cloud Mining, Daily Bitcoin Rewards – Cloud Based Mining System, Bitcoin 2021, MineBit Pro – Crypto Cloud Mining & BTC miner, and Ethereum (ETH) – Pool Mining Cloud.