HomeNewsNew malware SharkBot targets banking apps

New malware SharkBot targets banking apps

-

We independently research, test, review, and recommend the best products—learn more about our process. If you buy something through our links, we may earn a commission. learn more

Last Updated on 22/11/2021 by Sunaina

CyberSecurity experts have uncovered a new Android Trojan that may bypass multi-factor authentication on smartphone banking apps, putting users’ financial data and money at risk.

The Android virus, dubbed ‘SharkBot,’ has been discovered in assaults spanning Europe and the United States, with the goal of stealing cash from mobile phones using the Google Android operating system.

“The main purpose of SharkBot is to start money transfers from compromised devices via the Automatic Transfer Systems (ATS) approach, circumventing multi-factor authentication systems,” Cleafy researchers stated in a statement.

“These methods are used to enforce users’ identity verification and authentication, and are typically paired with behavioural detection techniques to identify suspect money transactions,” the researchers continued.

Since many anti-analysis approaches have been devised, ‘SharkBot’ appears to have a very low detection rate by antivirus programmes.

“Once SharkBot is successfully installed in the victim’s device, attackers may collect sensitive financial information such as passwords, personal information, current balance, and so on, as well as execute gestures on the infected device,” the researchers explained.

‘SharkBot’ is a “new” kind of mobile malware that can conduct ATS assaults within the affected device. This approach has lately been used by other banking trojans, such as Gustuff. ATS (Automatic Transfer System) is a sophisticated (and relatively new on Android) attack method that allows attackers to auto-fill fields in legal mobile banking apps and execute money transfers from compromised devices.

According to the research, the malicious software is installed on users’ smartphones using both the side-loading approach and social engineering tactics.

Sunaina
Sunaina
A tech enthusiast, with a mission to report data breaches, fraudulent practices, dark pattern practices, and updates. She is also frequently fascinated by fintech and unicorns.
- Advertisment -

Must Read

edge-ai

Challenges and Opportunities in Deploying AI Solutions in Edge Computing Environments

0
Edge AI is a ground-breaking new paradigm that has the potential to completely change how companies run. Organizations can seize new chances for creativity,...