According to security experts at NCC Group, the latest app to appear on the Play Store, called Antivirus, Super Cleaner, comes packed with nasty malware called SharkBot which has the ability to initiate money transfers via Automatic Transfer Systems (ATS).
Once a device is infected with this bug, money can be switched between accounts with the user never knowing anything is wrong.
Sharkbot is an incredibly sophisticated malware that uses a swathe of sneaky tactics to siphon money from personal accounts.
Firstly, this bug can overlay a fake login page when it detects the user is trying to access their accounts with hackers then able to steal user names and passwords.
Sharkbot can then allow criminals to take full control of a smartphone remotely and it even has the capability to hide text messages that are often sent by financial institutions to make sure users know someone is accessing their accounts.
What makes this threat even worse is its ability to spread further without using the Play Store. Once a device is infected, Sharkbot can then use Android’s ‘Direct reply‘ feature to instantly respond to notifications. This could allow it to send messages to contacts which could trick other Android users into downloading the bug.
In a bid to boost its download numbers, NCC says it has spotted a number of fake reviews on the Play Store which makes it appear as if the app is credible and safe to download.
One comment said, “It works good” but a quick check through the full list of reviews reveals plenty of people noticing strange things happening once the app is downloaded.
As of Sunday, March 6 the app was still available on the Play Store but Google has since blocked it from being downloaded onto any other devices.
“NCC Group, as well as many other researchers noticed a rise in Android malware last year, especially Android banking malware. One of these ‘newer’ families is an Android banking malware called SharkBot,” NCC said in a post on its blog.
“After discovery we immediately notified Google.”
If you think you may have downloaded this app then make sure you delete it without delay and check any permissions you may have granted it.
It’s also worth checking you bank account for any strange transactions.
Published at Tue, 08 Mar 2022 07:46:00 +0000