If you have this antivirus app, delete it immediately
Last week, we told you about a malicious barcode scanner app you needed to delete. This week, there is another app on the Google Play Store that we urge you to uninstall if you have it (or not download at all if you don’t). The app is called “Antivirus, Super Cleaner,” and the reason, ironically enough, is that this antivirus app will affect your phone with a new-gen Android banking Trojan virus called “SharkBot” (via Android Police).A report published by NCC Group, a UK cyber security firm, sheds some light on how this SharkBot virus works and how it manages to bypass the Google Play Store’s security measures.
The SharkBot virus is a remote access banking trojan that was first spotted in October 2021. Currently, it doesn’t look like SharkBot has any similarities to Android viruses like Teabot, the virus hidden in the “QR Code & Barcode – Scanner” app, or Alien, the virus hidden in Fast Cleaner. The idea behind SharkBot is to begin money transfers from infected devices by using Automatic Transfer Systems (ATS).
SharkBot’s ATS, according to NCC Group analysts, is an ‘advanced attack technique’ that allows attackers to auto-fill fields in mobile banking apps and perform money transfers without any human intervention. When SharkBot detects that you have opened a banking app, it will mirror the bank’s log-in screen and, via a keylogger, it will send what you are typing to the servers of the attacker. Furthermore, according to the researchers, SharkBot can even hijack and take full control of your phone.
But how does SharkBot manage to evade the Google Play Store’s safety measures? Basically, the “Antivirus, Super Cleaner” app presents itself as an antivirus app but contains a trimmed-down version of the SharkBot virus. When you download and install “Antivirus, Super Cleaner,” it then downloads the full version of the SharkBot Trojan. After that, the Trojan begins to work.
or reload the browser