A new malware has made its way onto the threat landscape. Security experts have revealed the emergence of the SharkBot Android trojan. It apparently targets crypto and banking services from the U.S., the U.K., and Italy. It works by exploiting devices accessibility features having the goal of credentials theft.
Characteristics of SharkBot Android Trojan
According to a report from the Cleafy researchers, who also gave the banking trojan this particular name “SharkBot”, there were identified 22 targets of the malware among which there were international UK and Italy banks, as well as 5 other crypto services. These experts discovered the malware at the end of October 2021. Its very name seems to be related to the strings the researchers under discussion found in its binaries, as the discovered strings had the word “sharked” within.
Following the report information, SharkBot Android trojan has the following characteristics:
It will appear in the form of data recovery apps, live TV, or a media player Users will come across a pop-up that requires Accessibility Services enablement In order to perform ATS attacks, it exploits accessibility settings to gain full control over the Android device
Here is an example of how this SharkBot