SharkBot Android app steals bank accounts and cryptocurrencies

Cybersecurity researchers on Monday unmasked an Android app that abuses the device's accessibility features to steal confidential information from banking and cryptocurrency services. Named SharkBot by Cleafy, the malware has affected twenty-seven targets since the end of October 2021, including twenty-two unnamed international banks in Italy and the United Kingdom, as well as five cryptocurrency applications in the United States.

SharkBot, which appears to be in its early stages of development, is said to carry out money transfers from compromised devices using the Automatic Transfer Systems (ATS) technique, bypassing multi-factor authentication mechanisms such as SCA.

It goes to work once it is installed on the victim's device. Its purpose is to obtain sensitive banking information such as personal information, credentials and balance, and to carry out certain commands.

A dangerous new predator of the web

Like other malicious programs such as TeaBot and UBEL, it poses as a live TV, media player, or data recovery application. The principle is simple: it repeatedly opens malicious pop-ups to trick the victim into granting it permissions. This is how it steals data.

What sets SharkBot apart is its use of accessibility settings to perform ATS attacks. It automatically fills out fields in legitimate mobile banking apps and then transfers money from those devices to a network of money mules under the perpetrator's control.

SharkBot's modus operandi avoids registering a new device to commit fraudulent activities, while bypassing the two-factor authentication mechanisms established in banking applications. The application also has the features known from Android banking trojans. Thus, it can carry out overlay attacks to steal credit card information and login credentials, and gain complete remote control of compromised devices.

Almost impossible to detect malware?

SharkBot can evade analysis and identification by performing emulator checks and encrypting its command-and-control communications with a remote server. It can also hide the application icon from the home screen after installation.

Furthermore, no sample of the malware has been found on the Google Play Store. This means that it is likely to be installed on devices through sideloading or social engineering schemes.
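Because the malware depends on an enabled accessibility service and arrives from outside the Play Store, a defender can cross-check the two on a device under review. The following is an added example, not code from Cleafy or from the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, using constructed sample output and hypothetical package names, and assumes the Play Store is the only trusted installer.

```python
import re

# Constructed sample: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.livetv/.PlayerAccessibilityService")

# Constructed sample: adb shell pm list packages -i
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.livetv  installer=null
package:com.example.bank  installer=com.android.vending
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only


def parse_a11y(value):
    """Return the package names that own an enabled accessibility service."""
    value = value.strip()
    if not value or value == "null":      # nothing enabled on the device
        return []
    pkgs = []
    for component in value.split(":"):    # entries look like package/ServiceClass
        pkg = component.split("/", 1)[0].strip()
        if pkg and pkg not in pkgs:
            pkgs.append(pkg)
    return pkgs


def parse_installers(pm_output):
    """Map package name -> installer package (None when reported as null)."""
    found = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M):
        found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found


def sideloaded_a11y(a11y_value, pm_output, trusted=TRUSTED_INSTALLERS):
    """List (package, installer) pairs holding accessibility access without a trusted installer."""
    installers = parse_installers(pm_output)
    return [(pkg, installers.get(pkg)) for pkg in parse_a11y(a11y_value)
            if installers.get(pkg) not in trusted]


if __name__ == "__main__":
    for pkg, installer in sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PM):
        print(f"review: {pkg} (installer={installer}) has an accessibility service enabled")
```

Preinstalled system applications also report `installer=null`, so each flagged package is a candidate for manual review rather than a verdict.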

