SharkBot initiates money transfers from compromised devices, bypassing multi-factor authentication mechanisms.
Cybersecurity researchers from Cleafy have described a new Android Trojan that abuses Accessibility Services to steal credentials for banking and cryptocurrency services from users in Italy, the United Kingdom and the United States.
The malware, dubbed SharkBot, is designed to target a total of 27 services, including 22 unnamed international banks in Italy and the UK, as well as five cryptocurrency applications in the United States.
“The main goal of SharkBot is to initiate money transfers from compromised devices using an automatic transfer system, bypassing multi-factor authentication mechanisms. After the successful installation of SharkBot on the victim's device, attackers can gain access to confidential banking information, credentials, personal information, current balance, etc.,” the experts explained.
The malware disguises itself as a media player, live video application or data recovery software. SharkBot repeatedly prompts users with fraudulent pop-ups to grant it permission to access confidential information. The malware can also use the accessibility settings to launch ATS (automatic transfer system) attacks, allowing operators to "automatically fill in fields in legitimate mobile banking applications and initiate money transfers from compromised devices to the accounts of the attackers' money mules."
Because the transfer is made from the victim's own device, this approach removes the need to register a new device to perform fraudulent activities, and it also lets the attackers bypass the two-factor authentication mechanisms established by banking applications.
The malware's detection-evasion methods include running emulator checks, encrypting C&C communications with a remote server, and hiding the app icon from the home screen after installation. No malware samples were found on the official Google Play store, indicating that it was installed via third-party downloads or social engineering schemes.
