Security analysts at Check Point Research (CPR) recently revealed that a number of malicious Android apps masquerading as antivirus solutions were used to spread the SharkBot banking Trojan from the Google Play Store.
This banking trojan was distributed using six malicious Android apps masquerading as antivirus solutions in the Google Play Store.
All of these malicious applications came from the following developer accounts:-
SharkBot is an information stealer, and the threat actors use it to steal and manipulate bank details and login credentials. The malware uses evasion techniques and geofencing features to avoid infecting devices from any of these countries:-
Cleafy was the first company to notice the malware, in October 2021, along with one of its most powerful features: the ability to transfer money via ATS (Automatic Transfer Systems).
The threat actors use the compromised devices to carry out this task by simulating the following:-
The primary functions of SharkBot are listed below:-
It is believed that more than 15,000 copies of the rogue apps were installed before their removal, with the majority of victims living in:-
After the report, however, Google permanently removed all of the malicious applications from the Play Store.
Apart from this, the security analysts have observed 27 versions of SharkBot, and in SharkBot the threat actors use another stealthy and sophisticated technique that is rarely seen in Android malware:-
Several SharkBot droppers were disguised as applications on Google Play; they are listed below:-
All of the commands used by SharkBot are listed below:-
Using Android’s Accessibility Services permissions, which allow it to bypass certain security measures, SharkBot can present fake overlay windows that imitate banking apps.
SharkBot can also create auto-replies to notifications from popular apps such as Facebook Messenger and WhatsApp, so that the antivirus app shares a phishing site to attract victims.
For this reason, the security experts strongly recommend that users not download any applications from unknown sources. They have also urged users to stay alert and cautious even when downloading an app from a reputable store.