A malware called SharkBot, which is responsible for Android banking fraud, has once again appeared on the official Google Play Store in the form of legit-looking malicious apps.
In recent months, malicious apps appear to have been distributed directly through the Google Play Store often enough that it has become a common theme on the web.
Cybersecurity analysts at BitDefender have recently identified that, this time, SharkBot has taken the form of file managers to bypass the restrictions of the Google Play Store.
Users are more likely to believe something is safe if it comes from an official store, but that is not always the case. Cleafy first discovered SharkBot during the course of 2021.
Technical Analysis
Once installed from Google Play, these malicious apps act as droppers for the SharkBot banker.
However, their actions are completely dependent on where the user is located. The user must grant these applications permission to install external packages (REQUEST_INSTALL_PACKAGES), which is why the applications disguise themselves as file managers.
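For defenders triaging apps, the install-packages permission described above is visible in the app manifest. The following Python code is an added example, not taken from the BitDefender analysis or the original article; it assumes each AndroidManifest.xml has already been decoded to text XML, and the file labels and package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"
PERM_TAGS = ("uses-permission", "uses-permission-sdk-23")

def requested_permissions(manifest_xml):
    """Return (package, permissions) from a decoded, text-form AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in PERM_TAGS:
        for el in root.findall(tag):  # permission tags are direct children of <manifest>
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return root.get("package", "<unknown>"), perms

def triage(manifests):
    """Return (packages requesting the install permission, inputs that failed to parse)."""
    flagged, unparsed = [], []
    for label, xml_text in manifests.items():
        try:
            package, perms = requested_permissions(xml_text)
        except ET.ParseError:
            unparsed.append(label)  # e.g. manifest still in binary form
            continue
        if INSTALL_PERM in perms:
            flagged.append(package)
    return sorted(flagged), sorted(unparsed)

# Constructed sample inputs; labels and package names are made up for this example.
NS_ATTR = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SAMPLES = {
    "filemanager.apk": f'<manifest {NS_ATTR} package="com.example.filemanager">'
        '<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>'
        '<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>'
        '<application/></manifest>',
    "notes.apk": f'<manifest {NS_ATTR} package="com.example.notes">'
        '<uses-permission android:name="android.permission.INTERNET"/>'
        '<application/></manifest>',
    "broken.apk": "binary manifest placeholder, not decoded",
}

if __name__ == "__main__":
    flagged, unparsed = triage(SAMPLES)
    print("requests REQUEST_INSTALL_PACKAGES:", flagged)
    print("could not parse (decode first):", unparsed)
```

A flagged package is a candidate for closer review rather than a verdict, since legitimate file managers request the same permission.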
A significant number of users have downloaded the malicious apps, the majority of them from the following countries:
The Trojan's primary goal is to transfer money from compromised devices via a technique called ATS.
In this method, a transaction triggered by a banking app is intercepted and the payee account is swapped for an actor-controlled account.
When users attempt to open legitimate banking applications, this malware can also serve a fake authentication or login page through which it steals users’ credentials.
In order to steal banking-related information from an Android device, SharkBot utilizes four main strategies.
The four strategies primarily used by this malware are:
Below are the dropper applications that have now been removed from the Play Store:
Moreover, this malware monitors a wide range of finance-related apps, such as the ones below:
In general, these malicious apps ask for the following permissions:
Some of these malicious applications are still available for download in other third-party app stores like:
The security experts offer the following recommendations: