Octo banking Android Trojan installed over

Check Point analysts have discovered that the SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc), two of which were active in the fall of 2021.

SharkBot on Google Play

Let me remind you that SharkBot was previously reported by NCC Group experts. They said that the malware usually disguises itself as an antivirus while actually stealing money from users who installed the application. SharkBot, like its counterparts FluBot and Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot's hallmark is its ability to perform unauthorized transactions through Automatic Transfer System (ATS) systems. This, for example, distinguishes it from TeaBot, which requires interaction with a live operator to perform malicious actions.

Also, for example, Cleafy and ThreatFabric say that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, the United Kingdom and the USA.

Now, Check Point specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the Google Play Store, does not infect users from China, India, Romania, Russia, Ukraine and Belarus. At the same time, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim’s contacts.

Separately, it is noted that the malware uses a DGA (domain generation algorithm) to communicate with its control servers, which is quite rare among Android malware.
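For defenders triaging an app that claims to be an antivirus, the Accessibility abuse and notification auto-replies described above suggest a quick manifest check. The following is an added example, not code from Check Point or NCC Group: it reads a decoded `AndroidManifest.xml` and flags services bound to the Accessibility or notification-listener permissions. The sample manifests and package names are constructed, and treating a notification listener as the reply mechanism is an assumption the article does not confirm.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Bind permissions that gate the two capabilities discussed in the article.
RISKY_BINDINGS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification-listener",
}

def audit_manifest(manifest_xml: str) -> dict:
    """Report risky service bindings declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for svc in root.iter("service"):
        perm = svc.get(ANDROID_NS + "permission", "")
        if perm in RISKY_BINDINGS:
            name = svc.get(ANDROID_NS + "name", "?")
            findings.append((RISKY_BINDINGS[perm], name))
    kinds = {kind for kind, _ in findings}
    if {"accessibility", "notification-listener"} <= kinds:
        priority = "high"      # can read/drive the UI and see notifications
    elif "accessibility" in kinds:
        priority = "medium"    # Accessibility alone still warrants a look
    else:
        priority = "none"
    return {"package": root.get("package"), "services": findings,
            "priority": priority}

# Constructed sample: a hypothetical "antivirus" declaring both services.
SAMPLE_SUSPECT = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <application>
    <service android:name=".A11yService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".NotifService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

# Constructed sample: an app with an ordinary background service only.
SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application><service android:name=".SyncService"/></application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_SUSPECT, SAMPLE_BENIGN):
        print(audit_manifest(sample))
```

A "high" result is a prompt for manual review, not a verdict: legitimate assistive and automation apps declare the same bindings.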

Let me remind you that we also wrote that Newly Discovered PhoneSpy Spyware Has Already Infected Over 1000 Phones.

Helga Smith

I have always been interested in computer science, especially data security and the topic that is today called "data science", since my early teens. Before joining the Virus Removal team as editor-in-chief, I worked as a cybersecurity expert at several companies, including one of Amazon's contractors. Another experience: I have taught at the universities of Arden and Reading.
