SharkBot Banking Malware Rampantly using Fake Android Antivirus App on Google Play Store

SharkBot banking malware is spreading widely through a fake Android antivirus app on Google Play. SharkBot is similar to TeaBot, FluBot, and Oscorp (UBEL), which all belong to the financial trojan category. These trojans are able to avoid multi-factor authentication mechanisms because they are capable of siphoning credentials to initiate money transfers from the compromised devices. SharkBot was first detected in November 2021.

Even so, SharkBot stands out from TeaBot for its ability to carry out unauthorized transactions via Automatic Transfer Systems (ATS), whereas TeaBot requires a live operator to interact with the infected devices to conduct the malicious activities.

Alberto Segura and Rolf Govers, malware analysts at cybersecurity firm NCC Group, said in a report published last week, “The ATS features allow the malware to receive a list of events to be simulated, and they will be simulated in order to do the money transfers.”

They further added, “Since these features can be used to simulate touches/clicks and button presses, it can be used to not only automatically transfer money but also install other malicious applications or components.”

This means ATS is employed to outwit the targeted bank’s fraud detection systems: it simulates the same sequence of actions that the user would perform, such as button presses, clicks, and gestures, in order to make the illicit money transfer.

Earlier, on February 28, the latest version of SharkBot was found on the Google Play Store. These were dropper apps that also leveraged Android’s Direct Reply functionality to propagate the malware to other devices, making it another banking trojan, after FluBot, to intercept notifications for wormable attacks.

The list of malicious apps, which were updated on February 10 and have been collectively installed about 57,000 times to date, includes:

SharkBot is loaded with features that enable the bad actors to inject fraudulent overlays atop official banking apps to steal credentials and to log keystrokes. They are able to obtain full remote control over the devices, though only after the victims grant the app Accessibility Services permissions.
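As an added example (not taken from the NCC Group report or from this article), the following triage check flags an app whose decoded AndroidManifest.xml declares the capabilities described above. The permission-to-capability mapping, the risk rule, and the sample manifest are assumptions of this example, and the manifest is assumed to have been decoded to text XML beforehand.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities the article attributes to SharkBot, mapped to manifest entries
# an app declares to obtain them (the mapping is this example's assumption).
SERVICE_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE":
        "accessibility service (simulated touches, keystroke logging)",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE":
        "notification listener (read and reply to notifications)",
}
USES_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install other apps (dropper)",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps (overlays)",
}

def audit_manifest(manifest_xml: str) -> dict:
    """Return the package name, matched capabilities, and a review flag."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for svc in root.iter("service"):
        perm = svc.get(ANDROID_NS + "permission")
        if perm in SERVICE_BINDINGS:
            findings.append((svc.get(ANDROID_NS + "name"), SERVICE_BINDINGS[perm]))
    for used in root.iter("uses-permission"):
        name = used.get(ANDROID_NS + "name")
        if name in USES_PERMISSIONS:
            findings.append((name, USES_PERMISSIONS[name]))
    # Accessibility alone is common in legitimate apps; accessibility combined
    # with a second capability is what this rule escalates for manual review.
    has_a11y = any("accessibility" in why for _, why in findings)
    return {"package": root.get("package"), "findings": findings,
            "high_risk": has_a11y and len(findings) >= 2}

# Constructed sample: decoded manifest of a hypothetical "antivirus" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".CleanerService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".NotifyService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], "high_risk =", report["high_risk"])
```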

According to Cleafy researchers, the new variant of TeaBot discovered on Play Store is designed to target users of more than 400 banking and financial apps, including those from Russia, China, and the U.S.
