On the Google Play Store, a total of seven malicious Android apps were found to be using a banking trojan, SharkBot, to infiltrate devices.
researchers Alex Shamshur and Raman Ladutska from Check Point told The Hacker News that sharkbot steals credentials and banking information. When it comes to malware, this one stands out because of its geofencing feature and evasion techniques.
Specifically, the malware targets users in China, India, Romania, Russia, Ukraine, and Belarus. According to reports, the rogue apps had been installed more than 15,000 times before they were removed.
The findings from NCC Group, which found the bankbot posing as antivirus apps to carry out unauthorized transactions via Automated Transfer Systems, are supported by this report (ATS).
Overlay windows on legitimate banking apps are displayed by SharkBot, which takes advantage of Android's Accessibility Services permission. The data is sent to a malicious server when users enter their usernames and passwords into fake credential input forms.
For example, SharkBot's new "auto-reply" feature allows the malware to distribute a link to the antivirus app via Facebook Messenger and WhatsApp notifications. FluBot added a similar feature earlier this month.
According to Alexander Chailytko, manager of Check Point Software's cyber security research and innovation team, the threat actors are pushing malicious links to victims via email, and this has led to widespread infection.
Push-messaging is a novel way to spread malware, and the threat actors' use of it is unusual.
After Google banned 11 apps from the Play Store on March 25 for incorporating an invasive SDK that harvests user data, including precise location, email and phone numbers, nearby devices, and passwords; the latest findings come as a result of this investigation.
Post a Comment
Your suggestions and comments are welcome