Banking and crypto-related apps are at risk of being infected by a piece of malware, which is making Google Play considered apps – Mister Phone Cleaner and Kylhavy Mobile Security. Malware has the ability to steal cookies from accounts and bypass authentication methods that require user input, such as fingerprints. The malware, known as the SharkBot dropper, is used to infect a user’s device once it is installed. Alberto Segura, a malware analyst tweeted about this resurgence of malware on Twitter to warn Android users.
Once installed, the malware cancels the ‘sign in with your fingerprint’ dialog so that the user is forced to enter a password and username, according to Segura. SharkBot malware is capable of bypassing two-factor authentication.
According to the public Google Play Store statistics, Mister Phone Cleaner app has more than 50,000 downloads. It is depicted with a blue logo showing a white and blue broom. While the app is available on the Play Store in India, the Kylhavy Mobile Security app is not visible in India, but reportedly it has over 10,000 downloads.
“This new Sharkbot dropper asks victims to install malware as a fake update so that the antivirus is always protected against threats,” Segura said in a statement. blog post.
The main goal of the SharkBot malware is to “initiate money transfers from compromised devices through Automated Transfer System (ATS) techniques bypassing multi-factor authentication” Cleary LabsAn online fraud management company explained when the malware was first identified.
Since mobile apps are an easy way to take control of smartphones, some scammers have exploited these apps to target victims.
Back in July, tech giants Apple and Google received letters from US legislators, requesting details on crypto-related apps available on the App Store and Play Store respectively. In these letters, Senator Sherrod Brown, Chairman of the Senate Banking Committee also asked the companies to provide information on how they tackle potentially dangerous applications that may be fueling money scams. electronic.
“Cybercrime stole the logos, company names and other identifying information of crypto companies and then created fake mobile apps. App stores are required to have appropriate safeguards in place to prevent fraudulent mobile app activity,” Brown said. Written in his letters to the tech giants.
Last year, Google Play eliminate eight scam crypto apps after they were found to be crypto scam apps. These apps are BitFunds – Crypto Cloud Mining, Bitcoin Miner – Cloud Mining, Bitcoin (BTC) – Pool Mining Cloud Wallet, Crypto Holic – Bitcoin Cloud Mining, Bitcoin Daily Rewards – Cloud Based Mining, Bitcoin 2021, MineBit Pro – Crypto Cloud Mining Miners & BTC and Ethereum (ETH) – Shared Mining Cloud.