The Google Play Store is a great place where we can find applications for anything we need. This, which is obviously beneficial for us, can also work against us, since from time to time malicious apps appear that try to pass themselves off as legitimate apps to install dangerous malware or Trojans on our devices with which to steal data or crucial information. Two new apps of this type have been recently detected , and we will tell you what they are.
These Android apps seem to be completely legitimate, but the reality is that they are two very dangerous apps that would install a dangerous Trojan designed to steal all kinds of banking information on your device.
Be careful if you have any of these apps on your mobile
As we said, these two applications are quite dangerous, since both install a dangerous Trojan known as SharkBot on the devices, a malicious software that is specifically designed to obtain the financial data of its victim in a stealthy way and without the latter being able to realize it until that it’s already too late. This malware is especially active in European countries, although it has also been detected on occasions attacking users in the United States.
The applications in question that had this dangerous Trojan included are « Mister Phone Cleaner » and « Kylhavy Mobile Security «, two applications that have more than 60,000 installations between them, and which are specially designed to target users from Spain, Australia, Poland, Germany, the United States and Austria. Most of the downloads are taken by Mister Phone Cleaner, with more than 50,000 downloads for this application alone.
These applications are designed to install a new version of this Trojan, known as SharkBot V2. This would have an updated command and control (C2) communication mechanism and domain generation algorithm (DGA). Just a few weeks ago, a new version of this Trojan was discovered that had a tool to divert cookies when victims logged into their bank accounts .
This new SharkBot is really dangerous, since it is designed to bypass any type of protection that we have on our device. This version 2 of the malware asks the victim to install the malware as a fake update of the application , thus bypassing the antivirus protection of our device in case one is installed.
Other capabilities of this Trojan include fake overlays to harvest bank account credentials, as well as logging keystrokes so that everything the victim types on the keyboard can be recorded. In addition, it is also capable of intercepting the SMS from the bank and carrying out fraudulent fund transfers using an automated transfer system.
If, unfortunately, you have one or both apps installed on your device, we recommend that you delete them immediately , as well as we recommend that you never install applications of any kind on your device without making sure that they are really legitimate. It is also interesting that we have some quality antivirus installed on our Android device, something that can save us a lot of trouble.