The SharkBot trojan was found in four fake antivirus apps on Google Play Store collectively boasting 57,000 downloads.
British IT security researchers from NCC Group have discovered an updated version of the malicious SharkBot banking trojan hidden inside an antivirus app available on the Google Play Store.
Malicious Apps Hiding SharkBot Malware
SharkBot’s new version is hidden inside a fake antivirus app, which functions as a 3-layer poison pill. The first layer masquerades as an antivirus while the second layer extracts a scaled-down SharkBot version.
The malware then downloads its newest version boasting a wide range of capabilities. Researchers spotted the latest version of SharkBot on February 28th, 2022.
Numerous Play Store Apps Leveraging the Malware
NCC Group researchers further noted that several other dropper apps also leverage Android’s Direct Reply function to infect other devices. Hence, after FluBot, SharkBot is the second banking trojan that can intercept notifications for wormable attacks.
The researcher also published the list of malicious apps, collectively boasting 57,000 downloads. The apps include:
Antivirus Super Cleaner (1000+ installs).Alpha Antivirus Cleaner (5,000+ installs).Atom Clean-Booster antivirus (500+ installs).Powerful Cleaner antivirus (50,000+ installs). About SharkBot Malware
SharkBot is a remote access banking trojan first discovered in