Click to Skip Ad
Closing in...

These fake Android antivirus apps steal banking info, so delete them now

Published Sep 7th, 2022 6:03PM EDT
Watch out for these malware-laden Android apps.
Image: Fox-IT

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Eventually, we hope to stop having to warn Android owners about infected apps that might be on their phones. Unfortunately, today is not that day. Last month, the security firm Fox-IT discovered trojans on Google Play posing as legitimate apps. Google removed the apps, but not before more than 60,000 Android users downloaded them.

Delete these malicious Android apps

According to Fox-IT, the apps “Mister Phone Cleaner” and “Kylhavy Mobile Security” were both droppers for the SharkBot malware. Unlike the previous droppers, neither relied on gaining accessibility permissions to perform the installation of the malware. Instead, the app would ask the user to install a fake update that would include the malware.

The Google Play store listings for the apps reveal that Mister Phone Cleaner had more than 50,000 downloads while Kylhavy Mobile Security had 10,000+. The attackers were targeting users in Spain, Australia, Poland, Germany, the US, and Austria.

The cybersecurity experts at Cleafy first uncovered SharkBot last October. Here’s how their team described the banking malware at the time:

The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms (e.g., SCA). These mechanisms are used to enforce users’ identity verification and authentication, they are usually combined with behavioural detection techniques to identify suspicious money transfers.

Since that time, SharkBot has evolved. You can read more about the evolutions on Fox-IT’s blog, but one of the most terrifying is the malware’s ability to steal cookies. The new feature allows hackers to log cookies from banking sites. They can then use this information to steal your account details and hack into your bank account.

Needless to say, if you have either of these apps on your Android device, delete them right away. Google is always making improvements to keep malicious apps off of the Play store. Sadly, hackers are just as determined to steal your data.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.