These two dangerous Android apps can steal your online banking logins

When you install an app from the Google Play Store, you can be sure that you are getting it from the most secure source. But as we have seen many times in the past, this is no guarantee that these applications are safe to use.
According to a Fox-IT blog post, two apps (which have since been removed from the Play Store) managed to pass routine malware checks and were installed on tens of thousands of Android phones.
The hackers cleverly outmaneuvered Google’s automated checks by submitting seemingly harmless applications that contained no malicious code. It wasn’t until people first launched these apps that they requested an “update” that – if the user approves the request – downloads the Sharkbot malware.
This is especially annoying as it targets your banking password in particular. According to the blog, the apps use a new version of Sharkbot (previously introduced in March 2022) that uses the traditional “keylogging” technique to capture your banking password as you type it. But it’s also designed to record your bank balance with the app and send it to the hackers, along with all the login details they managed to steal.
The two infected applications are "Mister Phone Cleaner", which was installed by no fewer than 50,000 people, and "Kylhavy Mobile Security", a fake antivirus application.
Both trick users into installing malware by claiming they need to be updated. This means they don't have to ask for questionable permissions when they are first installed, and of course it allows them to pass Google Play Store verifications without issue.
Google removed the apps quickly, but if you have one or both on your phone, it’s very important to remove them.
You must also run a virus scan with a genuine antivirus application such as Norton Mobile Security or Bitdefender Mobile Security.
Fox-IT researchers were able to review the code and see that this latest version of Sharkbot targets many more countries than it did in March:
- Great Britain
- USA
- Australia
- Italy
- Spain
- Portugal
- Germany
- Austria
- Poland
They also say that the malware targets certain applications and tries to prevent the user from logging in with their fingerprint, displaying a username and password form instead. If it didn't, it wouldn't be able to steal the login details.
The post also says that more “campaigns” are expected this year, meaning more fake antivirus and “clean” Android apps will appear on the Play Store that use the exact same strategy to go unnoticed.
So, be on the lookout. Just because Mister Phone Cleaner and Kylhavy Mobile Security have been removed, there are probably many more similar apps pending approval on Google Play.
Of course, Sharkbot is far from the first malware to try to find out your bank details: EventBot did something similar in 2020.
If you need an antivirus app or an app to delete junk files and free up space on your phone, make sure you install the genuine article. Be wary of brand new apps with five-star user reviews; they are often fake.
You can find our recommendations for choosing the best antivirus for Android.