First discovered in October 2021, SharkBot is a banking trojan that can bypass multi-factor authentication mechanisms to steal account credentials from Android mobile devices. Then it steals the funds from the user’s online banking and cryptocurrency accounts.

SharkBot works by performing unauthorized transactions through Automatic Transfer Systems (ATS). It creates realistic copies of the bank input forms and then, after the unsuspecting user enters the necessary data, sends the compromised data to a malicious server.


More recently, SharkBot was removed from Google Play when six antivirus apps that were downloading and installing the malware on the phones of unsuspecting users were taken down. Ironically, those users were just trying to protect themselves from viruses and theft. The six apps were downloaded at least 15,000 times by users in Italy and the UK prior to their removal.

While Android-specific malware isn’t new, some features of SharkBot distinguish it from other trojans, bearing in mind that malware today also lurks in applications such as WhatsApp.

First, it has a geofencing function that allows it to target users based on their geographic area. More recently, it was aimed at British and Italian users, while users from China, Russia, Ukraine, India, Romania and Belarus were ignored.

SharkBot also uses a Domain Generation Algorithm (DGA), which is unusual in malware focused on Android. Using the DGA, SharkBot generates seven domains for each hard-coded seed.


The researchers found eight different seed / algorithm combinations, providing 56 domains per week.
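The arithmetic above (eight combinations, seven domains each) is what makes a DGA tractable for defenders: once seeds are recovered, the whole weekly candidate set can be precomputed and matched against DNS logs. The sketch below is an added example, not SharkBot's code or the researchers' tooling; the hash-based generator, the weekly rotation inferred from "per week", the placeholder seeds, the reserved TLDs and the log format are all assumptions.

```python
import hashlib
from datetime import date

DOMAINS_PER_SEED = 7  # from the article: seven domains per hard-coded seed

# Constructed placeholders for the eight seed/algorithm combinations; real
# seeds and TLDs would come from a malware analysis report. TLDs are reserved.
TLDS = ["example", "test", "invalid", "example", "test", "invalid", "example", "test"]
SEEDS = [(f"placeholder-seed-{i}", tld) for i, tld in enumerate(TLDS)]

def weekly_candidates(seed, tld, day):
    """Stand-in generator (assumption, not SharkBot's): hash seed + ISO week."""
    year, week, _ = day.isocalendar()
    names = []
    for i in range(DOMAINS_PER_SEED):
        digest = hashlib.sha256(f"{seed}:{year}:{week}:{i}".encode()).hexdigest()
        names.append(f"{digest[:16]}.{tld}")
    return names

def build_blocklist(day):
    """All candidates for the week containing `day` (8 seeds x 7 = 56)."""
    return {d for seed, tld in SEEDS for d in weekly_candidates(seed, tld, day)}

def flag_queries(log_lines, blocklist):
    """Return (client, domain) for each DNS query that hits a candidate."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        name = qname.rstrip(".").lower()  # normalise case and trailing dot
        if name in blocklist:
            hits.append((client, name))
    return hits

def demo():
    day = date(2022, 4, 11)  # arbitrary constructed date
    blocklist = build_blocklist(day)
    planted = weekly_candidates(*SEEDS[2], day)[3]
    log = [  # constructed resolver log: timestamp, client, query name
        "2022-04-11T09:00:01Z 10.0.0.5 www.example.com.",
        f"2022-04-11T09:00:07Z 10.0.0.9 {planted.upper()}.",
        "2022-04-11T09:00:09Z 10.0.0.5 mail.example.org.",
    ]
    return blocklist, flag_queries(log, blocklist), planted
```

Because the candidate set only changes when the week rolls over, the blocklist can be regenerated on a weekly schedule and pushed to resolvers ahead of time.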

SharkBot also uses over 22 commands on infected Android devices. These include requesting authorization to send SMS messages and uninstalling other applications.

Only time will tell what the actual long-term damage of this malware will be. While Google has made significant progress in reducing malware and other malicious apps on Google Play, this most recent case with SharkBot shows that hackers are only getting better at fishing for information.

SharkBot is a great reminder that in the end we are all responsible for our own cybersecurity and that it is up to users to research apps (even from reputable brands) before downloading them. Practicing safe cyber hygiene so you are not vulnerable in shark-infested waters is key!

The remote-access banking trojan SharkBot was first spotted in October 2021. Security researchers discovered it and concluded it was one of a kind. It has no connection to malware like TeaBot or Xenomorph, and it had some particularly sophisticated and insidious functions.

An updated SharkBot can therefore still hide today inside an innocent-looking antivirus app that’s still available on the Google Play Store.


Philip Owell
