CarderPlanet
Cybersecurity researchers have discovered a new banking Trojan for the Android operating system. This malware infiltrates users' mobile devices and tries to reach banking applications and cryptocurrency wallets.
The Trojan was named SharkBot after one of the domains that the attackers use for their C2 servers. The malware's attacks started at the end of October, when specialists from Cleafy and ThreatFabric drew attention to them.
Apparently, the authors of SharkBot are using social engineering to get users to download and manually install the malware (sideloading). Google, by the way, has repeatedly warned about the dangers of this installation method. "At the time of this writing, we do not see the presence of samples in the official Google Play Store," the experts' report says.
Once installed, SharkBot requests the permissions it needs and tries to gain access to Android's accessibility features (Android Accessibility). The malware then uses this access to simulate clicks and perform other malicious actions.
SharkBot can display fake forms for entering credentials, record keystrokes on a virtual keyboard, extract two-factor authentication codes from SMS messages, and interfere with banking applications and cryptocurrency wallets.
ThreatFabric specialists emphasized that the Android Trojan is currently under development, that is, the authors clearly plan to add functionality.