Trojan SharkBot يتسلل مرة أخرى إلى متجر Google Play

هيلجا سميثأبريل 11, 2022آخر تحديث: أبريل 12, 2022
26 دقيقة واحدة

Check Point analysts اكتشف that SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, و Bingo Like Inc), two of which were active in the fall of 2021.

SharkBot على جوجل بلاي

دعني أذكرك بذلك SharkBot was previously reported by NCC Group experts. They said that malware usually disguises itself as antiviruses, actually stealing money from users that installed the application. SharkBot, like its counterparts TeaBot, FluBot, و Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot’s hallmark is its ability to perform unauthorized transactions through Automatic Transfer System (ATS) systems, أيّ, على سبيل المثال, distinguishes it from TeaBot, which requires interaction with a live operator for performing malicious actions.

And also, على سبيل المثال, كلافي و ThreatFabric says, that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, the United Kingdom and the United States.

Now, Check Point specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the جوجل متجر اللعب, does not infect users from China, India, Romania, Russia, Ukraine and Belarus. في نفس الوقت, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim’s contacts.

Separately, it is noted that the malware uses DGA (Domain generation algorithm) to communicate with its control servers, which is quite rare among malwares for Android.

دعني أذكرك أننا كتبنا ذلك أيضًا Newly discovered PhoneSpy Spyware Already Infected Over 1000 الهواتف.

الوسوم
هيلجا سميثأبريل 11, 2022آخر تحديث: أبريل 12, 2022
26 دقيقة واحدة

هيلجا سميث

كنت دائمًا مهتمًا بعلوم الكمبيوتر, خاصة أمن البيانات والموضوع, وهو ما يسمى في الوقت الحاضر "علم البيانات", منذ سنوات مراهقتي المبكرة. قبل الانضمام إلى فريق Virus Removal كرئيس تحرير, عملت كخبير في الأمن السيبراني في العديد من الشركات, بما في ذلك أحد مقاولي أمازون. تجربة أخرى: لقد حصلت على التدريس في جامعات أردن وريدينج.

اترك رد

هذا الموقع يستخدم Akismet للحدّ من التعليقات المزعجة والغير مرغوبة. تعرّف على كيفية معالجة بيانات تعليقك.

زر الذهاب إلى الأعلى