iTWire - Sharkbot re-emergence identified hiding in anti-virus and cleaner apps

2022-09-10 05:02:01 By : Ms. Anny Ren

COMPANY NEWS: A malicious Android banking trojan known as Sharkbot has re-emerged on the Google Play store, masquerading as antivirus and cleaner apps – and Australian users are among the chief identified targets of the malware, first discovered by IT security company NCC.

The trojan attempts to steal banking credentials and information from users. The malware is hiding in two applications: Mister Phone Cleaner and Kylhavy Mobile Security, which have over 60,000 installations between them and are designed to target users in Australia, along with users in Spain, Poland, Germany, the US, and Austria.

Lookout senior security intelligence engineer Ruohan Xiong provides some insight into the apps and malware:

“This is the second iteration of the Sharkbot malware. It appears that the actors behind this malware still intend to steal banking credentials and information as they expand their reach to banks in more countries,” Xiong said.

• Between the two “dropper” apps in question as well as the SharkBot malware package itself, users in the UK, Italy, Spain, Australia, Poland, Germany, United States of America and Austria are now at risk.
• The main takeaway is that in an effort to evade detection on the Play Store, the two dropper apps use a less sophisticated approach than previously-seen Sharkbot droppers.
• They rely on the user unwittingly allowing the installation of the malicious package rather than attempt to implant it onto the user’s device automatically.
• This is simpler from a code perspective and likely is a deliberate decision by the threat actors to prevent the dropper’s code from being scrutinised.
• In addition to containing relatively little malicious code, the apps on the Play Store also leverage localisation checks to maintain a low profile and limit attempts to drop the malicious package only to devices that match the intended victim profile.

How to protect yourself

Mobile users should never download apps that aren’t on Google Play or the iOS App Store.

• These stores have strong protections in place to prevent malware from sneaking in, but as proven by these two dropper apps malware can sometimes slip through the cracks.
• Users should deny any requests to install or update packages from other unknown sources.
• If an app prompts you to update it but does not redirect to the official Play Store, it should not be trusted. This discovery also highlights how malware evolves and can reappear with more advanced features.
• Protecting yourself against banking trojans and other mobile malware requires a security tool built specifically for mobile.
• While this particular piece of malware targets mobile bankers, the same tactic could be used to target accounts for work-related apps like Google Drive, Office 365, and Outlook. This would pose serious risk for any organisation that relies on these apps for their employees to be productive from their mobile devices.
• With its global dataset of security telemetry from over 200 million mobile devices and 170 million mobile apps, Lookout is able to protect its customers from new versions of existing malware by identifying shared characteristics of the various versions.
