Researchers from Checkpoint security have discovered a new version of the SharkBot banking malware, posing as five antivirus tools available to download from the Google Play Store. Please check your phone to see if you have any of these apps installed, and if you do, please delete them straight away and contact our support team for assistance:
- Atom Clean-Booster, Antivirus
- Anti Virus, Super Cleaner
- Alpha Antivirus, Cleaner
- Powerful Cleaner, Antivirus
- Center Security – Antivirus
You can read the complete security advisory by going HERE, but here is a snippet containing everything you need to know:
“Sharkbot lures victims to enter their credentials in windows that mimics benign credential input forms. When the user enters credentials in these windows, the compromised data is sent to a malicious server. Sharkbot doesn’t target every potential victim it encounters, but only select ones, using the geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine, or Belarus.”
How can you stay safe?
- Only ever install apps from the Google Play Store, and before you install, check how many reviews the app has. (This is the most important thing to do)
- Never install an app from a website that you do not trust. You can use Incognito Website Checker, and we will tell you if it is safe or not.
- During installation, pay attention to the requested permissions and do not grant any permissions that appear unnecessary for the app’s core functionality.
- You can also use Incognito’s App Check tool to check what permissions an installed app already has on your device. If you use this feature, you will be stunned by some of your installed apps’ permissions. I suggest you use this tool to check what apps have what permissions on your device. Does a torchlight app need to be able to make phone calls etc.?
- Keep an eye on battery consumption; if your device goes dead fast, it is a clear sign go malware infection
- Also, keep an eye on network traffic volumes to identify any spikes as this can be a sign of malicious processes running in the background.
Thanks, and please let me know if you need any assistance.
All the best,
Incognito Privacy Care.