It is not only phishing and other IT traps that aim to misappropriate our money through fraudulent emails or text messages. The fear of viruses, so-called malware, and trojans, which can destroy all our data, is back.
The unedifying discovery comes from the US. The NCC Group team, as well as many other researchers, noted an increase in Android malware last year, especially Android banking malware.
Within NCC Group’s Threat Intelligence team, many of these malware “families” are being closely examined to provide users with valuable information about the threats. In addition to the most popular Android banking malware, NCC Group’s Threat Intelligence team is also watching new trends and new families of fearsome viruses that emerge and could be potential threats to users around the world.
One of these “newer” families is an Android banking malware called SharkBot. During research it was noticed that this malware is being distributed via the official Google Play Store. Upon the discovery, Google was immediately notified and the decision was made to share the knowledge via a blog post from the company.
In recent months, NCC Group’s Threat Intelligence team has continued its SharkBot analysis and made important new discoveries about viruses affecting computers and cell phones.
The new Android banking virus that scares the world
SharkBot is an Android banking malware found in late October 2021 by the Cleafy Threat Intelligence Team. At the time of writing, SharkBot malware does not appear to have any relation to other Android banking malware such as Flubot, Cerberus/Alien, Anatsa/Teabot, Oscorp, etc.
The main goal of SharkBot is to initiate money transfers (from compromised devices) via Automatic Transfer Systems (ATS). As far as we have observed, this technique is an advanced attack technique that is not used regularly within Android malware.
This technique allows adversaries to auto-fill fields in legitimate mobile banking apps and initiate money transfers, while other Android banking malware, like Anatsa/Teabot or Oscorp, requires a live operator to enter and authorize money transfers.
Because SharkBot is distributed through the Google Play Store as a fake antivirus, it turned out that infected devices must also be used to spread the malicious app. SharkBot achieves this by abusing the Android “Direct Reply” feature.
This feature is used to automatically send a reply notification with a message to download the fake antivirus app. This spreading strategy, which abuses the Direct Reply feature, has been seen recently in another banking malware called Flubot.