It is not just phishing and cyber traps that steal our money through fraudulent emails or SMS. The fear of viruses, so-called malware, or trojans, which can destroy all our data, is back.

The unwelcome discovery comes from the USA. The NCC Group team, like many other researchers, noted an increase in Android malware last year, especially Android banking malware.


NCC Group's Threat Intelligence team is closely examining many of these malware "families" to give users valuable information about these threats. In addition to the more popular Android banking malware, the team is also watching new trends and new families of fearsome viruses that emerge and could be potential threats to users around the world.

One of these "newer" families is an Android banking malware called SharkBot. During the research it was noted that this malware was distributed via the official Google Play Store. After the discovery, Google was immediately notified and it was decided to share the knowledge in a company blog post.

In recent months, the NCC Group Threat Intelligence team has continued its SharkBot analysis and made important new discoveries about viruses affecting computers and cell phones.

The new Android banking virus that scares the world

SharkBot is an Android banking malware found in late October 2021 by the Cleafy Threat Intelligence Team. At the time of writing, SharkBot malware does not appear to have any relationship with other Android banking malware such as Flubot, Cerberus / Alien, Anatsa / Teabot, Oscorp, etc.

SharkBot's main goal is to initiate money transfers (from compromised devices) via Automatic Transfer Systems (ATS). As far as we have observed, this is an advanced attack technique that is not regularly used in Android malware.

ATS allows adversaries to automatically fill in fields in legitimate mobile banking apps and initiate money transfers, whereas other Android banking malware, such as Anatsa / Teabot or Oscorp, requires a live operator to enter and authorize money transfers.

Because it is distributed via the Google Play Store as a fake antivirus, it turned out that it has to use infected devices to spread the malicious app. SharkBot achieves this by abusing the Android "Direct Reply" feature.

This feature is used to automatically send a reply to a notification, with a message to download the fake antivirus app. This spreading strategy, which abuses the Direct Reply feature, was recently seen in another banking malware called Flubot.
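For defenders triaging an app that claims to be an antivirus, the two behaviours described above leave a trace in the app's manifest. The following is an added example, not code from NCC Group or Cleafy: a small Python check over a decoded AndroidManifest.xml. It assumes, beyond what the article states, that answering notifications through Direct Reply requires a notification listener service and that ATS-style field filling is done through an accessibility service; the package and service names in the sample manifest are constructed. Legitimate apps also declare these services, so the rating is a prompt for review, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Bind permissions assumed to gate the two capabilities the article describes.
CAPABILITIES = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
        "can read notifications and answer them via Direct Reply",
    "android.permission.BIND_ACCESSIBILITY_SERVICE":
        "can read the screen and fill in fields in other apps",
}

# Constructed sample: decoded manifest of a hypothetical "antivirus" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Example Antivirus">
    <service android:name=".ScanService"/>
    <service android:name=".NotifService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def sensitive_services(manifest_xml):
    """Return {service name: capability} for services behind a watched bind permission."""
    root = ET.fromstring(manifest_xml.strip())
    found = {}
    for svc in root.iter("service"):
        perm = svc.get(ANDROID_NS + "permission")  # None when the service is unguarded
        if perm in CAPABILITIES:
            found[svc.get(ANDROID_NS + "name")] = CAPABILITIES[perm]
    return found


def triage(manifest_xml):
    """Rate a manifest: 'high' if both capabilities are present, 'review' if one, else 'none'."""
    caps = set(sensitive_services(manifest_xml).values())
    return {0: "none", 1: "review", 2: "high"}[len(caps)]


if __name__ == "__main__":
    for name, cap in sensitive_services(SAMPLE_MANIFEST).items():
        print(f"{name}: {cap}")
    print("rating:", triage(SAMPLE_MANIFEST))
```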


Philip Owell
