Security News > 2022 > March > SharkBot malware hides as Android antivirus in Google Play
SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities.
SharkBot was discovered in Google Play by researchers at the NCC Group, who today published a detailed technical analysis of the malware.
Remote control/ATS: Sharkbot has the ability to obtain full remote control of an Android device.
To perform the above, SharkBot abuses the Accessibility permission on Android and then grants itself additional permissions as needed.
One of the notable differences between SharkBot and other Android banking trojans is the use of the relatively new components that leverages the 'Direct reply' feature for notifications.
SharkBot can now intercept new notifications and reply to them with messages coming directly from the C2. As noted in the NCC report, SharkBot uses this feature to drop feature-rich payloads onto the compromised device by replying with a shortened Bit.ly URL. The initial SharkBot dropper app contains a light version of the actual malware to reduce the risk of detection and app store rejections.
News URL
Related news
- Android malware 'Necro' infects 11 million devices via Google Play (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Fake WalletConnect app on Google Play steals Android users’ crypto (source)
- Google: Gemini AI for Android processes sensitive data locally (source)
- Google says it's focusing on privacy with Gemini AI on Android (source)
- Azure domains and Google abused to spread disinformation and malware (source)
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)