
now found in an antivirus app in the play store

Security experts have been tracking SharkBot since October last year. This trojan gets into apps in the Play Store by bypassing Google's security measures. Now it has even been found in, of all things, an antivirus app, namely Antivirus, Super Cleaner.

SharkBot

SharkBot is dangerous because it can take money out of a victim's account without the user's consent. Moreover, you can get infected by downloading an app that is in the Play Store. An app's presence there might suggest that it is safe and there is nothing to worry about, but the developers behind this trojan were clever: they were able to bypass the Google Play Store security check.

The malicious app works in three layers: the first layer poses as an antivirus, the second is a scaled-down version of SharkBot, and the third updates that scaled-down version to the fully developed version of the malware. After that, it is only a matter of time until the malware goes to work and bank accounts are looted.

Antivirus, Super Cleaner

SharkBot performs what is known as an "overlay attack" when it detects an active banking app. It displays a screen similar to that of your bank, in which you enter your login details without realizing that you are giving them away to the hackers. The program also activates a keylogger that sends everything you type to the hackers' servers. The software can even hijack incoming notifications and send messages that appear to come from the victim. Ultimately, SharkBot can use these methods to completely take over an Android smartphone.

The Antivirus, Super Cleaner app is not very popular and does not have many downloads yet, but let this be a warning whenever you download apps from the Play Store or enter your login details for internet banking: check, as far as possible, that what you are looking at is what it seems to be.

Do you use an antivirus app on your Android device? Which one? Let us know in the comments below this article.
