A new version of malware that targets banking and crypto apps has recently reappeared on the Google Play store with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements.
Malware analyst Alberto Segura and threat intelligence analyst Mike Stokkel warned about the new version on their Twitter accounts on Friday, sharing their co-authored article on the Fox IT blog.
The new version of the malware can “perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services.” The new malware version was found in two Android apps, Mister Phone Cleaner and Kylhavy Mobile Security, which have since amassed 50,000 and 10,000 downloads, respectively.
The two apps initially made it onto the Play Store because Google’s automated code review did not detect any malicious code, though they have since been removed from the store. Some observers suggest that users who installed the apps may still be at risk and should remove the apps manually.
An in-depth analysis by Italy-based security firm Cleafy found that SharkBot had identified 22 targets, which included five cryptocurrency exchanges and a number of international banks in the United States, the United Kingdom and Italy.