SharkBot malware masquerades as an Android antivirus app on Google Play

SharkBot banking malware has infiltrated Google Play, the official Android app repository, masquerading as an antivirus with system cleaning capabilities. Although the trojan app was not widely used, its presence in the Play Store demonstrates that malware distributors can still circumvent Google’s automatic defences. At the time of writing, the app is still available in Google Play. SharkBot was discovered in Google Play by NCC Group researchers, who published a detailed technical analysis of the malware today. Cleafy discovered the malware for the first time in October 2021. Its most notable feature, which distinguished it from other banking trojans, was the ability to transfer money via Automatic Transfer Systems (ATS). This was accomplished by simulating touches, clicks, and button presses on vulnerable devices.

NCC reports that the money transfer feature is still available in the latest version but is used only in some cases of advanced attacks. The four primary functions in SharkBot’s latest version are:

  • Injections (overlay attack): SharkBot can steal credentials by showing web content (WebView) with a fake login website (phishing) as soon as it detects that the official banking app has been opened.
  • Keylogging: SharkBot can steal credentials by logging accessibility events (related to text field changes and button clicks) and sending these logs to the command and control server (C2).
  • SMS intercept: SharkBot can intercept/hide SMS messages.
  • Remote control/ATS: SharkBot has the ability to obtain full remote control of an Android device (via Accessibility Services).

To perform the above, SharkBot abuses the Accessibility permission on Android and then grants itself additional permissions as needed. This way, SharkBot can detect when the user opens a banking app, perform the matching web injections, and steal the user’s credentials. The malware can also receive commands from the C2 server to execute various actions such as.
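The functions above depend on an Accessibility service plus SMS access, and both are visible in an app's manifest before it runs. The following is an added example for app-vetting triage, not code from the NCC Group analysis: the manifest is a constructed sample (not SharkBot's), and the rule that "accessibility service plus SMS access warrants manual review" is an assumed heuristic rather than a published indicator.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a decoded (text) AndroidManifest.xml for a hypothetical
# "cleaner" app. Package and component names are illustrative only.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Example Cleaner">
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".SmsIn">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Flag manifests that combine an accessibility service with SMS access."""
    root = ET.fromstring(manifest_xml)
    findings = []
    # Services bound by the system as accessibility services can observe
    # UI events and perform gestures once the user enables them.
    for svc in root.iter("service"):
        if svc.get(A + "permission") == A11Y_BIND:
            findings.append("accessibility-service:" + svc.get(A + "name", "?"))
    # Declared permissions that allow reading incoming SMS.
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings += ["sms-permission:" + p for p in sorted(perms & SMS_PERMS)]
    # Receivers registered for the incoming-SMS broadcast.
    for rcv in root.iter("receiver"):
        if any(a.get(A + "name") == SMS_ACTION for a in rcv.iter("action")):
            findings.append("sms-receiver:" + rcv.get(A + "name", "?"))
    has_a11y = any(f.startswith("accessibility-service:") for f in findings)
    has_sms = any(f.startswith("sms-") for f in findings)
    return {"package": root.get("package"), "findings": findings,
            "review": has_a11y and has_sms}
```

Many legitimate apps declare one of these capabilities, so the result is a prompt for manual review of the app's stated purpose, not a verdict.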
