Eventually, we hope to stop having to warn Android owners about infected apps that might be on their phones. Unfortunately, today is not that day. Last month, the security firm Fox-IT discovered trojans on Google Play posing as legitimate apps. Google removed the apps, but not before more than 60,000 Android users downloaded them.
Delete these malicious Android apps
According to Fox-IT, the apps “Mister Phone Cleaner” and “Kylhavy Mobile Security” were both droppers for the SharkBot malware. Unlike the previous droppers, neither relied on gaining accessibility permissions to perform the installation of the malware. Instead, the app would ask the user to install a fake update that would include the malware.
The Google Play store listings for the apps reveal that Mister Phone Cleaner had more than 50,000 downloads while Kylhavy Mobile Security had 10,000+. The attackers were targeting users in Spain, Australia, Poland, Germany, the US, and Austria.
The cybersecurity experts at Cleafy first uncovered SharkBot last October. Here’s how their team described the banking malware at the time:
The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms (e.g., SCA). These mechanisms are used to enforce users’ identity verification and authentication, they are usually combined with behavioural detection techniques to identify suspicious money transfers.
Since that time, SharkBot has evolved. You can read more about the evolutions on Fox-IT’s blog, but one of the most terrifying is the malware’s ability to steal cookies. The new feature allows hackers to log cookies from banking sites. They can then use this information to steal your account details and hack into your bank account.
Needless to say, if you have either of these apps on your Android device, delete them right away. Google is always making improvements to keep malicious apps off of the Play store. Sadly, hackers are just as determined to steal your data.