News by Xiaomi Miui Hellas

Attention: Your bank accounts are at risk from two applications that you should delete immediately


Two potentially dangerous apps with a significant number of downloads have been removed from the Google Play Store, as reported by the cybersecurity experts at Fox-IT.


These dangerous apps, which are supposed to offer you protection from viruses (Mister Phone Cleaner and Kylhavy Mobile Security), were installed a combined 60,000 times, and their goal was to steal bank credentials by installing a sophisticated version of the notorious SharkBot malware.

The apps were initially made available in the Google Play Store because they contained no malicious code that would have given Google a reason to reject them. But as it turned out later, Mister Phone Cleaner and Kylhavy Mobile Security are dropper-type applications, or utility applications, created for the purpose of delivering malware to Android phones.

After unsuspecting users installed them, the apps later prompted those users to install an update in order to stay protected from threats, which was actually a way to install the SharkBot malware on the victims' phones.

Although these apps are no longer available on the Play Store, users who downloaded them in the past must delete them IMMEDIATELY from their phones; otherwise they risk untold consequences and losing money from their bank accounts.

What SharkBot is and how it works through infected apps

SharkBot was first discovered in late 2021, and the first apps carrying this malware were found on the Play Store in March of this year. The aim of its operation at that time was to steal information by logging keystrokes, intercepting text messages, tricking users into revealing sensitive information through screen overlay attacks, or giving cybercriminals remote control of the infected device by abusing Accessibility Services on Android.

A newer, upgraded version (2.25), called SharkBot 2, was spotted last May and on August 22 by Fox-IT; it has the ability to steal cookies from bank account logins. The applications recently discovered to be infected with SharkBot 2.25 do not abuse Accessibility Services and do not require any additional permissions from the Android system, since that would make it difficult to pass Google's checks and get approval for publication on the Play Store.

Instead, they ask users of the infected apps to download the infected APK file directly from SharkBot's own server, bypassing downloads through the Google Play Store. After that, the dropper apps installed on the victim's device notify the user of a new app update and ask them to install the recommended APK, and also to grant the app all the permissions it requires.

To avoid automated detection by Google SafetyNet, SharkBot stores its hard-coded malicious configuration in encrypted form.

Then, using the cookie-logging feature that the device receives, SharkBot extracts the valid session cookies when a user logs into their bank account and sends them directly to SharkBot's own command-and-control server.

These stolen cookies are valuable because they help the attackers avoid fingerprint checks and, in some cases, avoid the need for user authentication tokens. The attackers can thus get into users' bank accounts and empty them without the users knowing.

So if you too have installed the Mister Phone Cleaner and Kylhavy Mobile Security apps on your device, delete them immediately and change the passwords you have set for your WebBanking login in any banking applications you have installed on your device.


Mi Team