A recently updated version of malware that targets banking and cryptocurrency apps has resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements.
On September 2, malware analyst Alberto Segura and threat intelligence analyst Mike Stokkel warned about the latest version of the malware on their Twitter accounts, linking to their co-authored article on the Fox-IT blog.
The new version of the malware, discovered on Aug. 22, can "perform overlay strikes, steal information through log keystrokes, intercept Messages, or give attack actors complete remote control of the host device by misusing the Ease of access Services," according to Segura.
The new malware variant was discovered in two Android apps, "Mister Phone Cleaner" and "Kylhavy Mobile Security," which have received 50,000 and 10,000 downloads, respectively.
The two apps were initially accepted into the Play Store because Google's automated code review did not reveal any malicious code, but they have since been removed.
Some observers believe that users who installed the apps are still vulnerable and should remove them manually.
An in-depth investigation by the Italian security firm Cleafy discovered that SharkBot had identified 22 targets, including five cryptocurrency exchanges and a number of foreign banks in the United States, United Kingdom, and Italy.
As for the malware's mode of attack, the previous version relied on accessibility permissions to automatically perform the installation of the dropper SharkBot malware.
This new version, however, differs in that it asks the victim to install the malware as a fake update for the antivirus app in order to stay protected against threats.
Once installed, SharkBot can steal a victim's valid session cookie via the command "logsCookie," effectively bypassing any fingerprint identification or authentication methods used.
Cleafy discovered the first version of SharkBot malware in October 2021.
SharkBot's main goal, according to Cleafy's first analysis, was "to initiate transfers of money from compromised systems via Automatic Transfer Systems (ATS) method bypassing multi-factor authentication process."