NCC reports that the money transfer feature is still available in the latest version but is used only in some cases of advanced attacks. The four primary functions in SharkBot’s latest version are: Injections (overlay attack): SharkBot can steal credentials by showing web content (WebView) with a fake login website (phishing) as soon as it detects that the official banking app has been opened. Keylogging: SharkBot can steal credentials by logging accessibility events (related to text field changes and button clicks) and sending these logs to the command and control server (C2).
SharkBot banking malware has infiltrated Google Play, the official Android app repository, masquerading as an antivirus with system cleaning capabilities. Although the trojan app was not widely used, its presence in the Play Store demonstrates that malware distributors can still circumvent Google’s automatic defences. At the time of writing, the app is still available in Google Play. SharkBot was discovered in Google Play by NCC Group researchers, who published a detailed technical analysis of the malware today. Cleafy discovered the malware for the first time in October 2021. Its most notable feature, which distinguished it from other banking trojans, was the ability to transfer money via Automatic Transfer Systems (ATS). This was accomplished by simulating touches, clicks, and button presses on vulnerable devices.
SMS intercept: SharkBot can intercept/hide SMS messages. Remote control/ATS: SharkBot has the ability to obtain full remote control of an Android device (via Accessibility Services). To perform the above, SharkBot abuses the Accessibility permission on Android and then grants itself additional permissions as needed. This way, SharkBot can detect when the user opens a banking app, perform the matching web injections, and steal the user’s credentials. The malware can also receive commands from the C2 server to execute various actions such as.
The News Highlights
- SharkBot malware masquerades as an Android antivirus app on Google Play