Security News > 2022 > April > SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps
As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot.
"SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with The Hacker News.
The rogue apps are said to have been installed more than 15,000 times prior to their removal, with most of the victims located in Italy and the U.K. The report complements previous findings from NCC Group, which found the bankbot posing as antivirus apps to carry out unauthorized transactions via Automatic Transfer Systems.
SharkBot takes advantage of the Accessibility Services permissions to present fake overlay windows on top of legitimate banking apps.
One new notable feature of SharkBot is its ability to auto reply to notifications from Facebook Messenger and WhatsApp to distribute a phishing link to the antivirus app, thus propagating the malware in a worm-like fashion.
The latest findings come as Google took steps to banish 11 apps from the Play Store on March 25 after they were caught incorporating an invasive SDK to discreetly harvest user data, including precise location information, email and phone numbers, nearby devices, and passwords.
News URL
https://thehackernews.com/2022/04/sharkbot-banking-trojan-resurfaces-on.html
Related news
- Apps secretly turning devices into proxy network nodes removed from Google Play (source)
- Free VPN apps on Google Play turned Android phones into proxies (source)
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- Google rejected 2.28 million risky Android apps from Play store in 2023 (source)
- Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (source)
- Google blocked 2.3M apps from Play Store last year for breaking the G law (source)
- ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (source)
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)