SharkBot is a relatively new and dangerous malware. This is a banking trojan, first spotted towards the end of October 2021 by researchers from Cleafy. This Trojan is for making money transfers from compromised users, stealing banking credentials and information and has the capacity to bypass multi-factor authentication.
New research reveals a total of six Android security apps, all of which are already available on the official Google Play store, were used to distribute this malicious malware.
SharkBot bites Android antivirus app users
As Bleeping Computer reported in March 2022, security researchers NCC Group was the first to uncover an antivirus app that was suspected on the official Google Play store that was spreading the SharkBot trojan.
'Antivirus, Super Cleaner' was permanently removed by Google as soon as the NCC Group report was published. Now Check Point researchers have revealed that they found no less than six of those infected apps, all posing as legitimate antivirus solutions for Android users.
Unmasking Android antivirus app scammers
 |
| Diagram showing six Android apps spreading SharkBot malware from Google Play |
Check Point Research found six apps were spreading SharkBot banking trojan malware
In addition to the previously mentioned apps, the list includes:'
- Atom Clean-Booster, Antivirus,
- Alpha Antivirus, Cleaner,
- Powerful Cleaner, Antivirus,
- And two called 'Center Security - Antivirus.'
After responsibly disclosing these details to Google, they were permanently deleted between March 3 and March 27, 2022.
If you are among the thousands who have downloaded one of these apps, and still have it installed on your Android device, then you are advised to remove it immediately. and check your bank statement for unusual activity. Changing your banking password is also highly recommended.
This malware steals banking credentials and information. This is clearly very dangerous. Looking at the number of installs, we can assume that the threat actors are right on target because of their malware distribution methods. Threat actors strategically choose the location of apps on Google Play that users trust.
Another fact also shows that threat actors use 'push messages' to victims containing malicious links, which is unusual and ensures widespread adoption.
The use of push-messages by threat actors seeking answers from users is an unusual dissemination technique. So it is very important for all Android users to know that they should think twice before downloading any anti-virus solution from Play Store. It could be SharkBot.
Check Point Research has published a complete and detailed technical analysis of the SharkBot campaign.
What does Google say about the SharkBot app?
Some of us must be asking, how this application can avoid detection and successfully enter the Google Play Store, where a Google spokesperson gave the following statement:
"We value the work of the research community, and when we find an app that violates policy, we take action."
Google did confirm that all the apps in question have been removed.
Source: Forbes.com
Post a Comment