Android users should take more care when downloading antivirus applications from the Google Play Store. Instead of protecting the phone, an antivirus app may itself carry dangerous malware.
The malware, called SharkBot, was first discovered by Cleafy in October 2021. Researchers from NCC Group recently found it on the Play Store and published a detailed description of it.
Like TeaBot, FluBot, and Oscorp, SharkBot is a banking trojan that attacks mobile banking applications. One of its most significant features is the automatic transfer system (ATS), which allows hackers to transfer money from a victim's bank account without requiring human interaction.
In other words, the ATS feature in this malware is intended to trick the bank's fraud detection system by simulating a user's actions, such as button presses, clicks, or gestures, to drain the account.
"Because this feature can be used to simulate touch/click and button presses, this feature can be used not only to transfer money automatically but also to install malicious applications or other components," said NCC Group malware analysts Alberto Segura and Rolf Govers, as quoted by Reuters from The Hacker News, Tuesday (8/3/2022).
Based on the findings of the NCC Group, the SharkBot malware can display an overlay page if it detects that a mobile banking application is open. The overlay is a phishing page made to look like the bank application in question, and it is used to steal the user's credentials.
This malware can also activate a keylogger that sends all the user's keystrokes to the server. Not only that, SharkBot also intercepts and hides incoming SMS.
Currently, SharkBot malware has been found in four antivirus applications circulating in the Play Store. These apps have been downloaded more than 57,000 times and are currently still on the Google app store.
Users who have already installed these applications should immediately delete them from the phone and reset the device. The four apps known to carry the SharkBot malware are:
Antivirus, Super Cleaner (com.abbondioendrizzi.antivirus.supercleaner) - 1,000+ downloads
Atom Clean-Booster, Antivirus (com.abbondioendrizzi.tools.supercleaner) - 500+ downloads
Alpha Antivirus, Cleaner (com.pagnoto28.sellsourcecode.alpha) - 5,000+ downloads
Powerful Cleaner, Antivirus (com.pagnoto28.sellsourcecode.supercleaner) - 50,000+ downloads
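To check whether any of the four packages listed above is installed on a device, the output of `adb shell pm list packages` can be matched against their package IDs. The script below is an added example, not code from the article or from NCC Group; the function names and the sample `pm` output are constructed for illustration.

```shell
#!/bin/sh
# Package IDs of the four apps named in the article.
SHARKBOT_DROPPERS='com.abbondioendrizzi.antivirus.supercleaner
com.abbondioendrizzi.tools.supercleaner
com.pagnoto28.sellsourcecode.alpha
com.pagnoto28.sellsourcecode.supercleaner'

# Reduce `pm list packages` output (stdin) to bare package IDs.
# Handles "package:com.foo", the -f form "package:/path/base.apk=com.foo"
# (the path itself may contain '='), and CRLF line endings from adb.
normalize_pm_list() {
    tr -d '\r' | sed -n -e 's/^package://p' | sed -e 's/^.*=//'
}

# Print each listed package ID found on stdin; exit status 0 if any was found.
# -x -F gives whole-line, fixed-string matching, so a longer ID that merely
# starts with a listed one does not produce a false hit.
find_sharkbot_droppers() {
    normalize_pm_list | grep -x -F -e "$SHARKBOT_DROPPERS"
}

# Constructed sample of `pm list packages` output (not from a real device).
# The ".alpha.helper" entry is made up to show that prefix matches are ignored.
SAMPLE_PM_OUTPUT='package:/data/app/~~Qx1==/com.android.chrome-a2==/base.apk=com.android.chrome
package:/data/app/~~Zk9==/com.pagnoto28.sellsourcecode.alpha-b7==/base.apk=com.pagnoto28.sellsourcecode.alpha
package:com.pagnoto28.sellsourcecode.alpha.helper
package:com.abbondioendrizzi.tools.supercleaner'

# Demo on the sample; on a real device use:
#   adb shell pm list packages | find_sharkbot_droppers
printf '%s\n' "$SAMPLE_PM_OUTPUT" | find_sharkbot_droppers
```

A match only shows that the listed app is installed; the article's advice to delete the app and reset the device still applies.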