Vicious SharkBot banking trojan discovered in Play Store antivirus app | #firefox | #chrome | #microsoftedge

You’re gonna need a bigger boat

Image of swimming shark

The SharkBot remote access banking trojan was first spotted in the wild in October 2021. Security researchers at Cleafy discovered it and concluded it was one of a kind, with no connection to malware like TeaBot or Xenomorph — and it had some notably sophisticated and insidious functions. One, Automatic Transfer System (ATS), is new to Android and lets attackers move money automatically out of the victim’s accounts, with no human intervention needed. And as British IT security researchers discovered, an updated SharkBot is hiding inside an innocent-looking antivirus app which is still available on the Google Play Store as of Saturday.

Researchers from the NCC Group published a report earlier this week that broke down how SharkBot works and how it ended up bypassing Play Store safety measures. The malicious app functions like a three-layer poison pill, with one layer masquerading as the antivirus and the second layer as a scaled-down version of SharkBot that then updates by downloading the fully-fanged version of the malware. That’s when it goes to work using a variety of tactics to loot victims’ bank accounts.

Screen capture of malware-infected app

Source: Play Store 

According to NCC, SharkBot can perform an “overlay attack” the moment it detects an active banking app. It throws up a screen that looks like the bank in question, ready for you to feed it your login credentials. The program also activates a keylogger that sends whatever you type to the attacker’s servers — and it doesn’t just intercept SMS messages but can hide them, too. The software can even hijack incoming notifications and send out messages that originate with the attacker’s command and control. Ultimately, SharkBot can use these methods to completely own an Android smartphone.

Fortunately, this particular malicious app hasn’t spread much further than 1,000 downloads — so far. However, if you have downloaded the fake “Antivirus, Super Cleaner” from the Play Store, delete it immediately and consider the possibility you may need to fully wipe your phone. This is one shark you won’t see coming thanks to a dorsal fin sticking out of the water.

Screen capture of Google alerts
Google trolls Redditor with constant alerts about Wheel of Fortune host Pat Sajak

Please, Pat, don’t hurt ’em

Read Next

About The Author

Original Source by [author_name]

Leave a Reply

Your email address will not be published.

eleven − = six