Fake Antivirus and Cleaner Apps Caught Installing SharkBot Android Banking Trojan
Sep 05, 2022
The notorious Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. "This new dropper doesn't rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware," NCC Group's Fox-IT said in a report. "Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats." The apps in question, Mister Phone Cleaner and Kylhavy Mobile Security, have over 60,000 installations between them and are designed to target users in Spain, Australia, Poland, Germany, the U.S., and Austria - Mister Phone Cleaner (com.mbkristine8.cleanmaster, 50,000+ downloads) Kylhavy Mobile Security (com.kylhavy.antivirus, 10,000+ downloads) The droppers are designed to drop a new version of SharkBot, dubbed V2 by Dutch security firm ThreatFabric, which features an updated co