The SharkBot malware is back on the Google Play app store

The malware has been updated to become even more dangerous.

The malware was installed in the form of a fake update after installing the app. Adobe Stock / AOP

An updated version of the SharkBot malware has started to spread again in the Google Play app store. The malware aims to steal bank credentials through applications that had tens of thousands of downloads.

According to a report by Bleeping Computer, the malware was hidden in two Android apps that had passed Google's automatic scan, as no malicious code had been detected in them. The malware was installed on the phone only afterwards, through a fake update.

The apps were Mister Phone Cleaner and Kylhavy Mobile Security, which had a total of 60,000 downloads. The apps in question have now been removed from the app store, but those who downloaded either should uninstall the app immediately and clean their devices.


The application that contained the malware, Mister Phone Cleaner. Fox It / NCC Group

The application Kylhavy Mobile Security contained malware. Fox It / NCC Group

Malware entering the Google Play app store is always a big risk, as the store is generally trusted as a source for installable apps. From time to time, however, harmful applications get through the app store's screening. For this reason, you should be especially careful about which applications you download. It is worth looking at the number of downloads and the ratings of an application. Unfortunately, these don't tell the whole story either, as criminals can post fake reviews for applications.

The SharkBot malware was first detected in October 2021. In March of this year, NCC Group, a company specializing in information security, detected the malware in applications in the Google Play app store.

SharkBot was initially able to spy on the user's screen taps, intercept the device's text messages and enable remote control of the device. In August, the malware was updated so that it could also steal cookies when bank credentials are used. This information can potentially be used to bypass fingerprint recognition and in some cases the authentication itself.
