Sharkbot Malware bypassed googleplay store security

That in a recent event they spotted a upgraded version of sharkbot malware on official google playstore.

Fox IT reports

Sharkbot malware which is also known as Banking Trojan virus. steals the banking data of its users.

Previously, the dropper relied on Accessibility permissions to automatically install the Sharkbot malware; however, this new variant asks the victim to install the malware as a bogus antivirus update.

White Frame Corner

These two apps Mister Phone Cleaner and Kylhavy Mobile Security with 10k and 60k installations are marked as sharkbot effected apps on playstore. 

droppers are designed to drop a new version of SharkBot, dubbed V2 by Dutch security firm ThreatFabric, which features an updated  (C2) communication mechanism. 

White Frame Corner

The trojan is designed to target users in Austria, Australia, U.S, Germany & Poland. 

On the 22nd of August 2022, Fox-IT’s Threat Intelligence team found a new Sharkbot sample with version 2.25; communicating with command-and-control servers mentioned previously. 

This Sharkbot version introduced a new feature to steal session cookies from the victims that logs into their bank account.” reads the post published by Fox IT  

"SharkBot's developers focusing on the dropper in order to keep using Google Play Store to distribute their malware" researchers Alberto Segura and Mike Stokkel said.