SharkBot banking malware discovered in a Play Store antivirus app

You will need a bigger boat


The SharkBot remote banking trojan was first spotted in the wild in October 2021. Security researchers at Cleafy discovered it and concluded that it was unique, unrelated to malware like TeaBot or Xenomorph, and that it had some remarkably complex and malicious functions. The first, the Automated Transfer System (ATS), is new to Android and allows attackers to automatically transfer funds out of victim accounts without any human intervention. And as British IT security researchers have discovered, an updated SharkBot is hiding inside an innocent-looking antivirus app that was still available on the Google Play Store as of Saturday.

Researchers from NCC Group published a report earlier this week explaining how SharkBot works and how it ended up bypassing Play Store security measures. The malicious application acts like a three-layer poison pill: one layer masquerades as an antivirus, and the second is a reduced version of SharkBot that then updates itself by downloading the full version of the malware. That's when it gets down to business, using a variety of tactics to loot victims' bank accounts.


According to NCC, SharkBot can perform an "overlay attack" the moment it detects an active banking application. It displays a screen that looks like the respective bank's, ready to capture your login credentials. The program also activates a keylogger that sends everything you type to the attacker's servers, and it not only intercepts SMS messages but can hide them as well. It can even hijack incoming notifications and send messages that originate from the attacker's command-and-control server. Ultimately, SharkBot can use these methods to take full control of an Android smartphone.

Fortunately, this malicious application has not spread beyond 1,000 downloads so far. However, if you have downloaded the fake "Antivirus, Super Cleaner" from the Play Store, delete it immediately and consider the possibility that you need to wipe your entire phone. This is one shark whose approach won't be given away by a dorsal fin sticking out of the water.
