SharkBot malware was recently found lurking in the depths of the Google Play Store for the fourth time. Categorized as a “remote access banking trojan,” SharkBot was hidden inside an antivirus app called Antivirus, Super Cleaner, making it past Play Store’s security measures.
Once the fake antivirus app is initially downloaded, it can then download the rest of the malware it needs to gain access to any banking information on your device by pretending to be your banking app – but it can also cause a lot of other damage. Android Police reports:
“SharkBot can perform an ‘overlay attack’ the moment it detects an active banking app. It throws up a screen that looks like the bank in question, ready for you to feed it your login credentials. The program also activates a keylogger that sends whatever you type to the attacker’s servers — and it doesn’t just intercept SMS messages but can hide them, too. The software can even hijack incoming notifications and send out messages that originate with the attacker’s command and control. Ultimately, SharkBot can use these methods to completely own an Android smartphone.”
SharkBot has also been found in three other fake antivirus apps since November 2021: Atom Clean-Booster, Antivirus; Alpha Antivirus, Cleaner; and Powerful Cleaner, Antivirus – and has been collectively downloaded over 57,000 times.