  • SharkBot Android Trojan Appeared On Google Play Store

    Heads up, Android users! Another banking malware has attempted to target Android users by impersonating legit apps. Identified as “SharkBot,” the banking trojan bypassed Google’s checks to appear on the Play Store disguised as antivirus apps. Users must ensure they validate the legitimacy of the app developer before downloading any app from the Play Store.

    SharkBot Android Trojan On Play Store

    Researchers from NCC Group have highlighted how the SharkBot Android banking trojan surfaced on Google Play Store.

    SharkBot isn’t a newly discovered malware. Instead, it first caught the attention of the Cleafy Threat Intelligence Team in late 2021. At that time, the malware typically executed malicious campaigns against EU banks.

    According to Cleafy’s analysis, SharkBot exhibits robust stealth capabilities to evade detection, such as hiding the app icon after installation, anti-emulator checks, an anti-delete mechanism, an external ATS module, string obfuscation, and encrypted communication with its C&C.

    After successfully infecting the target device, the malware would access SMS messages (presumably to overcome 2FA limitations), display screen overlays to steal login credentials and card details, and trigger ATS attacks to steal money.

    According to NCC Group, this dangerous malware has now evolved to bypass Google security checks and infect the Play Store. The researchers observed multiple malware droppers on the Play Store, impersonating various apps.

    In most cases, the malware droppers posed as antivirus and phone cleaning apps to deceive users.

    Upon reaching the target device, the malware performs two main functions. First, it spreads the infection further to other devices by exploiting the notification’s auto-reply feature. Second, it triggers ATS features to download the SharkBot malware from the C&C.

    The researchers have shared a detailed technical analysis of the malware in their blog post.

    Google Removed Malicious Apps

    Upon discovering the malicious apps, the researchers reported the matter to Google. Consequently, the tech giant removed them from the Play Store.

    The following are the Play Store links to some of the malicious apps comprising this campaign.

    • hxxps://play.google.com/store/apps/details?id=com.abbondioendrizzi.antivirus.supercleaner
    • hxxps://play.google.com/store/apps/details?id=com.abbondioendrizzi.tools.supercleaner
    • hxxps://play.google.com/store/apps/details?id=com.pagnotto28.sellsourcecode.alpha
    • hxxps://play.google.com/store/apps/details?id=com.pagnotto28.sellsourcecode.supercleaner

    Nonetheless, the malware might reappear on the Play Store at any time, posing as other apps. Therefore, users should remain careful when downloading apps from untrusted or unknown developers.
