Security News > 2022 > March > SharkBot malware hides as Android antivirus in Google Play
SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities.
SharkBot was discovered in Google Play by researchers at the NCC Group, who today published a detailed technical analysis of the malware.
Remote control/ATS: Sharkbot has the ability to obtain full remote control of an Android device.
To perform the above, SharkBot abuses the Accessibility permission on Android and then grants itself additional permissions as needed.
One of the notable differences between SharkBot and other Android banking trojans is the use of the relatively new components that leverages the 'Direct reply' feature for notifications.
SharkBot can now intercept new notifications and reply to them with messages coming directly from the C2. As noted in the NCC report, SharkBot uses this feature to drop feature-rich payloads onto the compromised device by replying with a shortened Bit.ly URL. The initial SharkBot dropper app contains a light version of the actual malware to reduce the risk of detection and app store rejections.
News URL
Related news
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)
- ‘Pig butchering’ trading apps found on Google Play, App Store (source)
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- TrickMo malware steals Android PINs using fake lock screen (source)
- Over 200 malicious apps on Google Play downloaded millions of times (source)
- Fake Google Meet conference errors push infostealing malware (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)