The SharkBot banking trojan has been spotted in the Play Store, and in an antivirus app, of all places. SharkBot is not new, though. It was first spotted back in October 2021, so this is a reappearance of sorts.
SharkBot trojan has been spotted in an antivirus app
SharkBot was discovered by security researchers over at Cleafy, by the way. Now, British IT security researchers have discovered that an updated SharkBot is hiding in an antivirus app, which was still available in the Play Store at the time of writing this article.
SharkBot functions like a three-layer poison pill, which is a very graphic way of describing it. The first layer masks itself as the antivirus, and the second layer is a scaled-down version of SharkBot that then updates itself by downloading the actual malware. That's when it's fully functional, and can do some serious damage.
SharkBot’s main goal is to steal your money, and to do so, it needs to access your bank account(s). SharkBot usually activates itself when it detects an active banking app.
So, how does it do it? Well, it throws an overlay screen on your smartphone that looks like the bank in question, trying to get you to provide your login credentials. Many people can't really tell the difference, and fall for it.
It can do a lot of damage, and if you installed this antivirus app, delete it immediately
The program also activates a keylogger at that time, which sends your credentials to a third-party server. This software can even peek at your incoming notifications, and send out messages for you. It can essentially take control of your phone.
The app that SharkBot has been spotted in is still in the Play Store, as I already mentioned, or at least it was at the time this article was being typed up. Its name is 'Antivirus, Super Cleaner', and if you installed it, it would be wise to delete it immediately. You may even want to factory reset your phone, just to be sure.
2022-03-07 15:05:58