Crypto app targeting SharkBot malware resurfaces on Google app store

cointelegraph.com:

A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements.

A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog.

We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! Great work @Mike_stokkel! https://t.co/uXt7qgcCXb

According to Segura, the new version of the malware was discovered on Aug. 22, and can “perform overlay attacks, steal data through keylogging, intercept SMS messages, or give threat actors complete remote control of the host device by abusing the Accessibility Services.”

The new malware version was found in two Android apps — “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which have since amassed 50,000 and 10,000 downloads respectively.

The two apps were able to initially make it to the Play Store as Google’s automated code review did not detect any malicious code. However, it has since been removed from the store.

However, the 60,000 users who installed the apps may still be at risk and should remove the apps manually, observers have suggested. 

An in-depth analysis by Italian-based security firm Leafy found that 22 targets had been identified by SharkBot, which included five cryptocurrency exchanges and a number of international banks in the US, UK, and Italy.

As for the malware’s mode of attack, the earlier version of the SharkBot malware “relied on