Sharkbot, an Android banking Trojan, has reappeared in Google Play Store

Sharkbot – an Android banking Trojan – has made its reappearance in Google Play Store as an antivirus and cleaner app. According to an NCC Group report, Sharkbot asks victims to ‘install the malware as a fake update for the antivirus to stay protected against threats’. Fox-IT’s Threat Intelligence team found new command-and-control servers (C2s) that provided a list of targets including banks from Spain, Australia, Poland, Germany, the USA, and Austria. Essentially, Sharkbot’s new version introduced features to steal session cookies from victims and log into their bank accounts. It was also found that the new targeted applications are using keylogging-grabber-features, where the malware is stealing information from the text that is inside the official app.