A new Android banking Trojan, SharkBot, has been uncovered that uses the Automatic Transfer System to get around multi-factor authentication measures.
Cleafy cybersecurity researchers discovered the malware around the end of October, and it does not appear to belong to any recognized family.
The Android malware, now known as SharkBot, has been linked to attacks aimed at stealing funds from vulnerable handsets running the Google Android operating system.
So far, infections have been discovered in the United Kingdom, Italy, and the United States of America. SharkBot is thought to be a private botnet that is still in its early phases of development.
According to the researchers, SharkBot is a modular malware that belongs to the next generation of mobile malware, which can carry out attacks using the Automatic Transfer System (ATS).
SharkBot uses this strategy to avoid behavioral analytics, biometric checks, and multi-factor authentication because no new device would need to be enrolled. However, the malware must first compromise Android Accessibility Services in order to do so.
When SharkBot is launched on an Android device, it immediately requests accessibility permissions and bombards the victim with pop-ups until they are granted.
The fact that no samples have been discovered in the official Android software repository, the Google Play Store, is a silver lining. Instead, the malware must be loaded from an external source via side-loading, which the vendor warns is problematic because it allows rogue apps to bypass Google Play security measures.
“With the discovery of SharkBot, we have provided new evidence regarding how mobile malware is rapidly developing new ways to commit fraud, attempting to circumvent behavioral detection countermeasures put in place by many banks and financial services in recent years,” Cleafy stated.
“Like the rise of workstation malware in recent years, we are seeing a rapid evolution in the mobile arena toward more sophisticated patterns like ATS attacks.”