A new malware threat has been identified in the wild called ‘SharkBot’. This new generation malware is attacking Android phones to steal money from banking and crypto accounts. ‘SharkBot’ is targeting accessibility features on Android mobile devices to swipe sensitive banking credentials, credit card details and personal details to subvert access to financial institutions connected to people in the US, UK and Italy.
Sophisticated threat discovered
Who finds it, names it. This malicious malware was given the name Sharkbot by security firm Cleafy when they first identified the threat. The discovery of SharkBot confirms a new generation of mobile malware now capable of performing attacks inside an infected device such as in this threat where SharkBot can overtake banking security measures and spread without originating from the official Google Play Store.
What damage new Android banking malware does
This new Android banking malware is mainly focused on initiating money transfers from compromised devices using a technique that bypasses multi-factor authentication security protocols often used by financial institutions.
What kind of damage can this ‘Sharkbot’ malware create?
- SharkBot has the capability to bypass two-factor authentication used by many banking apps
- It can hide itself from the Android device’s home screen
- Intercepts banking communications sent by text from infected devices
- Records keystrokes of victim to learn credentials and gain control
- Capable of performing gestures on behalf of the victim
- Can take over full control of infected Android device
How does the ‘Sharkbot’ malware target?
SharkBot masquerades as a harmless-looking media player, live tv player or a data recovery app. Once installed on the victim’s device, it hides from being seen and then opens up access to banking credentials, account balances, credit card info, and other identifiable personal information. SharkBot can then autofill fields in legit banking apps and then strikes by transferring money from the victim.
How does the ‘Sharkbot’ malware spread?
Social media links and Sideloading appear to be the most common ways SharkBot malware is infecting victims. No copies have been identified within Google Play Store at the time of this warning. Sideloading is when files are transferred from a computer to a mobile device most dangerously in the form of an application package. Sideloading is most commonly a threat to Android devices.
How to protect an Android device from SharkBot malware
Check for any downloaded apps that allow “Install unknown apps”
- Open Settings from the home screen
- Tap Apps and notifications
- Select Advanced and go to Special app access
- Tap Install unknown apps
- Check for apps listed on your device. They should all say “Not allowed” under each app name. If you notice any saying Allowed, select the app and disable installation of unknown applications.
To disable Unknown apps from being installed inadvertently
- Open Settings from the home screen
- Tap Apps
- Tap the Menu icon in upper right of the screen
- Tap Special Access
- Tap Install unknown apps
- Select the unknown app then tap the Allow from this source to the OFF position
Disable Unknown Sources for protection against unknown sources installing apps such as malware
- Open Settings from your Android home screen
- Scroll to the Lock screen and security in the Personal section and tap to open
- Scroll down to Unknown sources
- Turn off the toggle switch next to Allow installation of apps from sources other than the Play Store.
For greater protection, use malware protection from the best security protection software and apps across all your devices. See the Best Antivirus Security software and apps of 2021 here.
3 comments