The widespread Android banking trojan SharkBot has made its way back onto the Google Play Store. This time it has disguised itself as antivirus and cleaner apps by the names of Mister Phone Cleaner and Kylhavy Mobile Security. The apps have around 60,000 total downloads combined and have been designed to primarily target Android users in Spain, Australia, Poland, Germany, the U.S., and Austria. SharkBot has received updated C2 server communication, a domain generation algorithm, and a recoded codebase. NCC Group’s Fox-IT said in a report, “This new dropper doesn’t rely on Accessibility permissions to automatically perform the installation of the dropper SharkBot malware. Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.” Some additional capabilities performed by the malware are injecting fake overlays to harvest bank account credentials, logging keystrokes, intercepting SMS messages, and carrying out fraudulent fund transfers using the Automated Transfer System.