New Malware Specializes in Android Handsets | Trojan SharkBot Attacks Waves Across US and Europe


A new Android banking Trojan has recently been discovered. The malware is able to circumvent even critical multi-factor authentication controls by abusing the Automatic Transfer System (ATS).

Researchers Spot the New Trojan SharkBot

At the end of October, Cleafy cybersecurity researchers found this malware, which, quite surprisingly, does not seem to belong to any known family. Cleafy named it SharkBot, an Android malware that stole funds from vulnerable handsets.

According to the story by ZDNet, SharkBot's focus was to steal funds from handsets running the Google Android operating system. So far, infections have been seen in the United Kingdom, the United States, and Italy.

What is SharkBot Trojan?

SharkBot is believed to be most likely a private botnet that is still in its infancy, or at least in the early stages of development. According to the researchers, SharkBot is modular malware that belongs to the next generation of mobile malware.

Most next-generation malware is capable of carrying out attacks based on the Automatic Transfer System (ATS). SharkBot abuses ATS, which allows attackers to automatically fill in fields on an infected device with only minimal human input.

How Does SharkBot Trojan Work?

As with the Gustuff banking Trojan, the autofill service is launched to make fraudulent money transfers through legitimate financial service apps. This has become a general trend in malware development and a pivot away from older theft techniques on mobile handsets, such as phishing domains.

Cleafy now suggests that SharkBot uses this technique to try and bypass biometric checks, behavioral analytics, and multi-factor authentication since no new device would need to be enrolled. To do so, however, the malware has to compromise the Android Accessibility Services first.

ATS Exploited to Gain Access

Once executed on an Android handset, SharkBot immediately requests accessibility permissions. It then plagues the victim with pop-ups until the permissions are granted.

The tricky part is that no installation icon is shown. Once SharkBot has all the handset permissions it needs, it quietly performs overlay attacks to steal credentials and card information. SharkBot also performs ATS-based theft, and it can log keystrokes and intercept or hide incoming SMS messages.

How Banking Trojans Work

Researchers note that banking trojans are able to perform "gestures" on behalf of the victim. These types of malware can target apps that are provided by international banks as well as cryptocurrency services.

However, a silver lining is that no samples have currently been found on the official Android app repository, the Google Play Store. Instead, the malware is loaded from an external source through side-loading. At the moment, it has been reported that SharkBot could have a low detection rate with certain antivirus solutions.
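A defender-side triage check that combines two points from the article, the Accessibility Services requirement and delivery by side-loading. This is an added example, not code from Cleafy or Tech Times; the package names and sample outputs are constructed, and the trusted-installer set is an assumption.

```python
# Added example: constructed sample data, not output from a real infected device.
# On a real handset the two inputs would come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for a managed store (assumption)

# Constructed sample: colon-separated "package/service-class" components.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.mediaplayer/.PlayerHelperService"
)

# Constructed sample of `pm list packages -i` output.
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.mediaplayer  installer=null
package:com.example.notes  installer=com.android.vending
"""

def accessibility_packages(setting):
    """Return the package names that own an enabled accessibility service."""
    setting = setting.strip()
    if not setting or setting == "null":  # nothing enabled
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def installers(pm_output):
    """Map package name -> installer package (None when no installer is recorded)."""
    result = {}
    for line in pm_output.splitlines():
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        source = rest.strip()
        result[name.strip()] = None if source in ("", "null") else source
    return result

def sideloaded_accessibility_apps(setting, pm_output):
    """Packages holding accessibility access that no trusted store installed."""
    origin = installers(pm_output)
    return sorted(p for p in accessibility_packages(setting)
                  if origin.get(p) not in TRUSTED_INSTALLERS)

if __name__ == "__main__":
    for pkg in sideloaded_accessibility_apps(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print("review:", pkg)
```

Pre-installed system apps also report no installer, so the result is a review list rather than a verdict.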

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.