A new Android banking Trojan has been discovered that is able to circumvent multi-factor authentication controls through the abuse of ATS.
At the end of October, cybersecurity researchers from Cleafy found the malware, which does not appear to belong to any known family.
Now dubbed SharkBot, the Android malware has been traced in attacks focused on stealing funds from vulnerable handsets running on the Google Android operating system.
So far, infections have been found in the UK, Italy, and the United States.
It is believed that SharkBot is likely a private botnet and is still in the early stages of development.
SharkBot is modular malware that the researchers say belongs to the next generation of mobile malware able to perform attacks based on the Automatic Transfer System (ATS) system.
ATS allows attackers to automatically fill in fields on an infected device with minimal human input. In the same way as the Gustuff banking Trojan, the autofill service is launched to facilitate fraudulent money transfers through legitimate financial service apps — a general trend in malware development and a pivot from older theft techniques on mobile handsets, such as the use of phishing domains.
Cleafy suggests that SharkBot utilizes