Android phone users are being warned over downloading apps that could contain invasive malware with thousands already thought to be at risk from attack.

SharkBot, which is able to steal login and banking credentials, has returned to the Google Play Store. Cyber criminals have dodged intense security measures as the apps only become infected with the bug once downloaded onto a phone.

The virus, which surfaced previously back in March, has made its way onto two applications which Android fans are being urged to delete immediately.

Two apps called Mister Phone Cleaner and Kylhavy Mobile Security have both been found to be infected with the malware, according to software experts at Fox-IT who made the discovery.

Google has since banned these apps but anyone who has already downloaded them needs to act fast if they don't want to become the next victim of cyber crime, the Express reports.

Once installed, SharkBot can funnel money out of mobile bank accounts. The virus can also create fake login pages for online services so hackers can steal user names and passwords.

Speaking about the attack, Fox-IT's Alberto Segura said: "This new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats. We have found two SharkbotDopper apps active in Google Play Store, with 10K and 50K installs each of them.

"On the 22nd of August 2022, Fox-IT’s Threat Intelligence team found a new Sharkbot sample with version 2.25; communicating with command-and-control servers mentioned previously. This Sharkbot version introduced a new feature to steal session cookies from the victims that logs into their bank account."

If you think you may have downloaded these apps then make sure you delete them without delay and check any permissions you may have granted it.

Daily Record