The SharkBot mobile malware has been spotted with new upgrades on the Google Play Store, according to the NCC Group. The Fox-IT branch of the NCC Group released a new blog post detailing the malware and the apps it is currently hiding in. According to the report, the new version of SharkBot targets the banking credentials of Android users. The apps identified by researchers have 60,000 installations collectively. The apps, including Mister Phone Cleaner and Kylhavy Mobile Security, have since been removed from the Play Store.
The new malware version does not rely on users to accept Accessibility permissions to perform the installation of the dropper, warned the researchers. Therefore, it may be harder to spot. The apps request that the victim install the malware as part of a fake update to the app. Both of the apps are focused on security, and advertise the malware installation as an update for the antivirus software. This method, therefore, depends on user interaction but is more challenging to detect as it does not require accessibility permissions. The latter is often suspicious to Android users, however, updates are much more common.
Read More: SharkBot Malware Resurfaces on Google Play to Steal Users’ Credentials