SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store

The threat actor behind a nascent Android banking trojan named SharkBot has managed to evade Google Play Store security barriers by masquerading as an antivirus app.

SharkBot, like its malware counterparts TeaBotFluBot, and Oscorp (UBEL), belongs to a category of financial trojans capable of siphoning credentials to initiate money transfers from compromised devices by circumventing multi-factor authentication mechanisms. It first emerged on the scene in November 2021.

Where SharkBot stands apart is in its ability to carry out unauthorized transactions via Automatic Transfer Systems (ATS), which stands in contrast to TeaBot, which requires a live operator to interact with the infected devices to conduct the malicious activities.

“The ATS features allow the malware to receive a list of events to be simulated, and they will be simulated in order to do the money transfers,” Alberto Segura and Rolf Govers, malware analysts at cybersecurity firm NCC Group, said in a report published last week.

“Since these features can be used to simulate touches/clicks and button presses, it can be used to not only automatically transfer money but also install other malicious applications or components.”

In other words, ATS is employed to deceive the targeted bank’s fraud detection systems by simulating the same sequence of actions that would be performed by the user, such as button presses, clicks, and gestures, in order to make the illicit money transfer. Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *