CyberSecurity experts have uncovered a new Android Trojan that may bypass multi-factor authentication on smartphone banking apps, putting users’ financial data and money at risk.
The Android virus, dubbed ‘SharkBot,’ has been discovered in assaults spanning Europe and the United States, with the goal of stealing cash from mobile phones using the Google Android operating system.
“The main purpose of SharkBot is to start money transfers from compromised devices via the Automatic Transfer Systems (ATS) approach, circumventing multi-factor authentication systems,” Cleafy researchers stated in a statement.
“These methods are used to enforce users’ identity verification and authentication, and are typically paired with behavioural detection techniques to identify suspect money transactions,” the researchers continued.
Since many anti-analysis approaches have been devised, ‘SharkBot’ appears to have a very low detection rate by antivirus programmes.
“Once SharkBot is successfully installed in the victim’s device, attackers may collect sensitive financial information such as passwords, personal information, current balance, and so on, as well as execute gestures on the infected device,” the researchers explained.
‘SharkBot’ is a “new” kind of mobile malware that can conduct ATS assaults within the affected device. This approach has lately been used by other banking trojans, such as Gustuff. ATS (Automatic Transfer System) is a sophisticated (and relatively new on Android) attack method that allows attackers to auto-fill fields in legal mobile banking apps and execute money transfers from compromised devices.
According to the research, the malicious software is installed on users’ smartphones using both the side-loading approach and social engineering tactics.