SharkBot Malware Poses as Android Antivirus

SharkBot is a banking malware for Android devices that was discovered around the end of October 2021. One of the primary objectives of SharkBot is to start money transfers from hacked devices via the Automatic Transfer Systems (ATS) approach, which circumvents multi-factor authentication measures.

Identification and authentication systems are used to impose user identity verification and authentication, and they are often paired with behavioral detection techniques to identify suspect money transactions.

What Happened?

SharkBot financial malware has been found in the Google Play Store, the official Android software repository, and is masquerading as an antivirus with system cleaning capabilities, according to researchers.

Source

Despite the fact that the trojan software was not widely used, its appearance on the Google Play Store indicates that malware distributors may still get by Google’s automated safeguards.

Researchers at the NCC Group identified SharkBot on Google Play and provided a full technical study of the virus today.

The ATS features allow the malware to receive a list of events to be simulated, and them will be simulated in order to do the money transfers. Since this features can be used to simulate touches/clicks and button presses, it can be used to not only

Read More: https://heimdalsecurity.com/blog/sharkbot-malware-poses-as-android-antivirus/