The cryptocurrency market is proving to be an extremely lucrative opportunity for cybercriminals, who continue to devise new ways to steal user funds. The latest is the case of the Sharkbot malware disguised as “Mister Phone Cleaner” and the “Kylhavy Mobile Security” application is distributed on the Google Play Store. In the past month alone, several malicious apps have been discovered on Google Play targeting users interested in investing in digital currencies.
The SharkBot malware targets financial and crypto applications, infecting users’ devices once they are installed. It steals cookies from accounts and bypasses authentication methods that require user input, such as fingerprints. This malware was documented by malware analyst Alberto Segura on Twitter to alert Android users.
Sharkbot’s reappearance raises questions as to whether other undetected malicious apps are lurking in the Google Play store waiting to strike again.
What is SharkBot Malware?
SharkBot is a banking trojan that was first discovered in 2018. This malicious app targeted crypto apps, with a particular focus on those belonging to exchanges and trading services. The malware allegedly steals the victim’s login information, allowing hackers to use their account for malicious activities. SharkBot has since evolved and now uses advanced techniques to evade detection, making it a more sophisticated threat than before.
The malicious app has been downloaded by over 100,000 users. The malware was disguised as cryptocurrency trading apps and exchanges, such as Poloniex and Bittrex. The apps were designed to trick users into giving them access to their login data.
The SharkBot malware first creates an account on the device using the victim’s name and email address. It then logs into the victim’s account on the targeted crypto exchange and attempts to steal their login data. The malware also attempts to steal the victim’s two-factor authentication code from their app. If the malware is successful, hackers can use the victim’s account for malicious activities. In most cases, the malware is used to withdraw money from the account or buy more cryptocurrency.
Spot the SharkBot malware
Malware is difficult to detect, so it’s best to be on the lookout for suspicious activity. Here are some warning signs that you might be infected.
If you notice unexpected withdrawals from your account, a sudden increase in your balance, or if you receive an email from your exchange with a password reset request that you did not initiate, your account may has been hacked. You can report suspicious activity to your exchange, but keep in mind that you might not get your money back. If you find that you are at risk of infection, you should take the following steps:
#Download apps from trusted sources. Only download apps from trusted sources. If you need to install an app from a source you don’t trust, be sure to check reviews and look for any signs of malicious activity. •
#Enable automatic updates. All apps running on your Android device should be configured to receive automatic updates. This ensures that you have the latest version of the app, which often includes fixes for security vulnerabilities. •
#Install a mobile security solution. A reliable mobile security solution can identify malicious apps on your device and remove them. A security solution is your first line of defense against threats like the SharkBot malware.