• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
sharkbot banking malware spreading via fake android antivirus app on

SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store

You are here: Home / General Cyber Security News / SharkBot Banking Malware Spreading via Fake Android Antivirus App on Google Play Store
March 7, 2022

The danger actor powering a nascent Android banking trojan named SharkBot has managed to evade Google Participate in Retail store security limitations by masquerading as an antivirus app.

SharkBot, like its malware counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to a category of economic trojans capable of siphoning credentials to initiate dollars transfers from compromised devices by circumventing multi-factor authentication mechanisms. It initial emerged on the scene in November 2021.

Where by SharkBot stands aside is in its capacity to have out the unauthorized transactions via Computerized Transfer Units (ATS), which stands in distinction to TeaBot, which requires a live operator to interact with the contaminated gadgets to conduct the destructive routines.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Automatic GitHub Backups

“The ATS options let the malware to receive a record of activities to be simulated, and they will be simulated in get to do the revenue transfers,” Alberto Segura and Rolf Govers, malware analysts at cybersecurity agency NCC Group, said in a report released very last 7 days.

“Because these characteristics can be used to simulate touches/clicks and button presses, it can be applied to not only automatically transfer revenue but also put in other destructive purposes or elements.”

In other text, ATS is utilized to deceive the qualified bank’s fraud detection units by simulating the exact sequence of actions that would be done by the person, these kinds of as button presses, clicks, and gestures, in get to make the illicit revenue transfer.

The most current variation spotted on the Google Play Retail outlet on February 28 are a selection of dropper apps that also leverages Android’s Direct Reply operation to propagate alone to other units, producing it the 2nd banking trojan following FluBot to intercept notifications for wormable attacks.

The listing of destructive apps, all of which were being current on February 10, have been collectively mounted about 57,000 situations to date –

  • Antivirus, Tremendous Cleaner (com.abbondioendrizzi.antivirus.supercleaner) – 1,000+ installs
  • Atom Cleanse-Booster, Antivirus (com.abbondioendrizzi.applications.supercleaner) – 500+ installs
  • Alpha Antivirus, Cleaner (com.pagnotto28.sellsourcecode.alpha) – 5,000+ installs, and
  • Impressive Cleaner, Antivirus (com.pagnotto28.sellsourcecode.supercleaner) – 50,000+ installs

Prevent Data Breaches

SharkBot is also aspect-loaded in that it allows the adversary to inject fraudulent overlays atop official banking applications to steal qualifications, log keystrokes, and attain entire distant handle more than the devices, but only after the victims grant it Accessibility Companies permissions.

The results arrive a 7 days following researchers from Cleafy disclosed details of a new TeaBot variant uncovered in the Play Retail outlet which is designed to target end users of more than 400 banking and economical applications, which includes those from Russia, China, and the U.S.

Observed this short article appealing? Stick to THN on Facebook, Twitter  and LinkedIn to examine much more special information we article.


Some pieces of this article are sourced from:
thehackernews.com

Previous Post: «2 new mozilla firefox 0 day bugs under active attack — 2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Next Post: Vulnerability hunters are cut from a different cloth – they’re naturally inquisitive vulnerability hunters are cut from a different cloth – they’re»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • US Family Planning Non-Profit MFHS Confirms Ransomware Attack
  • Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
  • Dridex Malware Now Attacking macOS Systems with Novel Infection Method
  • Cyber attacks on UK organisations surged 77% in 2022, new research finds
  • WhatsApp to combat internet blackouts with proxy server support
  • The IT Pro Podcast: Going passwordless
  • Podcast transcript: Going passwordless
  • UK Schools Hit by Mass Leak of Confidential Data
  • Play ransomware gang behind recent cyber attack on Rackspace
  • Personal Storage Table Files Accessed in Rackspace Attack

Copyright © TheCyberSecurity.News, All Rights Reserved.