Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Chronicle Live
Chronicle Live
National
David Snelling & Lucy Farrell & Aaron Morris

Samsung, Huawei, and other android phone users urged to delete apps as 'invasive bug' can empty bank account

Android smartphone users have been issued an urgent warning about downloading apps which could contain invasive malware, with thousands already presumed to be at risk of an attack.

SharkBot, which can steal login and banking credentials, has returned to the Google Play Store, after cyber criminals have dodged intense security measures - with apps only becoming infected with the bug once downloaded and installed.

The virus, which initially surfaced in March earlier this year, has made its way onto two applications which Android users are being urged to delete immediately for their own safety.

Read more: Hotmail and Gmail users targeted by bogus British Gas refund scam - don't be next

The Daily Record reports that the Mister Phone Cleaner app and Kylhavy Mobile Security app have both been found to be infected with the malware, according to software experts Fox-IT who first made the discovery. The Express adds that Google has since banned these apps, but anyone with the software still on their phone or tablet should act fast to avoid becoming a victim of cyber crime.

Once installed unknowingly, SharkBot can funnel money from mobile bank accounts, while also creating bogus logins for online services so hackers can steal sensitive information such as usernames and password. Speaking about the attack, Fox-IT's Alberto Segura said: "This new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.

"We have found two SharkbotDopper apps active in Google Play Store, with 10K and 50K installs each of them. On the 22nd of August 2022, Fox-IT’s Threat Intelligence team found a new Sharkbot sample with version 2.25; communicating with command-and-control servers mentioned previously.

"This Sharkbot version introduced a new feature to steal session cookies from the victims that logs into their bank account."

If you think you may have downloaded these apps then make sure you delete them without delay and check any permissions you may have granted it. It's also worth checking your bank account for any strange transactions - no matter how little or large.

How to delete apps on Android:
  1. Open the Google Play Store app.
  2. At the top right, tap the profile icon.
  3. Tap Manage apps and devices. Manage.
  4. Tap the name of the app that you want to delete.
  5. Tap Uninstall.

Read next:

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.