SharkBot found on Google Play Store antivirus apps
What’s a SharkBot?
SharkBot is a new generation Android Trojan aimed to steal banking credentials and financial information by prompting its victims to enter account credentials in supposedly legitimate input forms. The entered usernames and passwords are sent to a malicious server where the attackers can take advantage of by use them directly for compromising accounts or sell them on the Dark Web. The malware also attempts to persuade users to permit access to the device allowing them to control the device. From that moment on, the attackers can spread the infection by sending out malicious links contained in notifications.
Apart from attempting to steal sensitive information, this malware is trying to avoid previous detection by using a variety of techniques such as taking advantage of domain generation algorithm. This means that, new domain names, as well as IP addresses, are continually created by attackers for their command-and-control servers, which makes it difficult for authorities to stop cybercriminals by cutting off the connection between them and the infected machines.
The malware founded disguised as legitimate antivirus tool on Google Play Store and has taken down. Android mobile users downloaded the phony apps expecting to protect their devices. Instead of, they got infected with SharkBot malware.
Although the malicious apps were removed from Google Play Store, it founded that some of the apps came from developer accounts, a couple of which were active in the fall of 2021. This means that certain apps linked to these accounts remain available in unofficial app stores waiting for their victims.