Android users, beware! Another financial trojan effort has been made to attack Android users by impersonating legitimate applications. The banking malware known as “SharkBot” has managed to pass Google’s tests and appear on the Play Store as antivirus software. Before installing any program from the Play Store, users must confirm that the developer of the application is legitimate. On the Google Play Store, there is a Trojan called SharkBot. The SharkBot Android banking virus was discovered on Google Play Store, according to NCC Group researchers. Sharkboy is not brand new malware. Instead, it was discovered in late 2021 by the Cleafy Threat Intelligence team.
First, spread the infection to other devices by exploiting the notification’s auto-reply feature. Second, it triggers ATS features to download SharkBot malware from the C&C. The researchers shared a detailed technical analysis of the malware in their blog post. Google removed the malicious apps After discovering the malicious apps, researchers reported the matter to Google. Hence, the tech giant removed them from the Play Store. Below are Play Store links to some of the malicious apps that make up this campaign. id=com.pagnotto28.sellsourcecode.supercleaner Nevertheless, the malware can reappear on the Play Store at any time, masquerading as other malicious apps. Therefore, users must be cautious while downloading apps from untrustworthy or unknown developers.
At that time, malware usually ran malicious campaigns against EU banks. According to Cleafy’s analysis, SharkBot has strong stealth capabilities to evade detection, such as hiding app icon after installation, anti-emulator checks, anti-removal mechanism, module External TTY, channel obfuscation and encrypted communication with its C&C. After successfully infecting the target device, the malware would access SMS messages, presumably, to overcome 2FA limitations, display screen overlays to steal login credentials and card details, and trigger ATS attacks to steal money. According to NCC Group, this dangerous malware has now evolved to bypass Google’s security controls and infect the Play Store. Researchers have observed several malware droppers on the Play Store, posing as various apps. In most cases, malware droppers have masqueraded as antivirus and phone cleaning apps to bluff users. When it reaches the target device, the malware performs two main functions.
Summary of news:
- SharkBot Android Trojan Discovered in Google Play Store
- Check out all the news and articles from the latest security news updates.