A nasty new Android banking Trojan called SharkBot has been discovered by security researchers. [Like many mobile banking Trojans, SharkBot has the ability to intercept text messages and steal two-factor authentication codes, put overlays over actual banking apps so that users enter passwords into the wrong apps, and record keystrokes, Italian fraud detection firm Cleafy It also has the ability to put an overlay over the actual banking app, forcing users to enter their passwords in the wrong app, and recording keystrokes, researchers at Italian fraud detection firm Cleafy said in a report last week.
But SharkBot also does something special. Once it has the account information, it can initiate electronic transfers from a cell phone without having to get approval from the bank or activate fraud-prevention safeguards.
"Mobile malware is quickly finding new ways to perpetrate fraud in an attempt to circumvent behavioral detection measures introduced by several banks and financial services over the last few years," the Cleafy report states.
SharkBot disguises itself as a media player or utility app and, as soon as it is installed, asks the user to allow Android accessibility services intended to assist people with hearing and vision impairments, when in fact the app gives the user almost complete control over the device. It is also, according to Clearfy, a fairly new piece of malware that appears to have been created from scratch, so it has yet to be detected by many good Android antivirus apps.
SharkBot is not (yet) present in the Google Play app store, so unless you enable installation of apps from "unknown services," you are probably safe.
As for the banking and cryptocurrency apps that SharkBot targets, Clearfy does not provide a list of names. However, it appears that the malware is still in development, so more financial institutions may be added to the target list in the near future.
Comments