Security News > 2022 > March > SharkBot malware hides as Android antivirus in Google Play
SharkBot banking malware has infiltrated the Google Play Store, the official Android app repository, posing as an antivirus with system cleaning capabilities.
SharkBot was discovered in Google Play by researchers at the NCC Group, who today published a detailed technical analysis of the malware.
Remote control/ATS: Sharkbot has the ability to obtain full remote control of an Android device.
To perform the above, SharkBot abuses the Accessibility permission on Android and then grants itself additional permissions as needed.
One of the notable differences between SharkBot and other Android banking trojans is the use of the relatively new components that leverages the 'Direct reply' feature for notifications.
SharkBot can now intercept new notifications and reply to them with messages coming directly from the C2. As noted in the NCC report, SharkBot uses this feature to drop feature-rich payloads onto the compromised device by replying with a shortened Bit.ly URL. The initial SharkBot dropper app contains a light version of the actual malware to reduce the risk of detection and app store rejections.
News URL
Related news
- SpyLoan Android malware on Google play installed 8 million times (source)
- 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)