Check Point analysts have discovered that the SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc), two of which were active in the fall of 2021.

Let me remind you that SharkBot was previously reported by NCC Group experts. They said that the malware usually disguises itself as antivirus software while actually stealing money from users who installed the application. SharkBot, like its counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot’s hallmark is its ability to perform unauthorized transactions through Automatic Transfer System (ATS) systems, which, for example, distinguishes it from TeaBot, which requires interaction with a live operator to perform malicious actions.

Also, for example, Cleafy and ThreatFabric say that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, the United Kingdom and the United States.

Now, Check Point specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the Google Play Store, does not infect users from China, India, Romania, Russia, Ukraine and Belarus. At the same time, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim’s contacts.
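The Accessibility abuse and notification auto-replies described above suggest a simple device audit. The following is an added example, not code from Check Point, NCC Group or the original article: it parses the values that `adb shell settings get secure enabled_accessibility_services` and `adb shell settings get secure enabled_notification_listeners` return and ranks packages outside an allowlist. The sample values, the package names and the assumption that replying to notifications requires notification access are constructed for illustration.

```python
# Added example: triage of Android secure-settings values (sample data is constructed).

def parse_components(value):
    """Split a colon-separated list of 'package/class' components into package names."""
    packages = set()
    for item in value.strip().split(":"):
        item = item.strip()
        # 'settings get' prints the literal string "null" when the key is unset.
        if not item or item == "null":
            continue
        packages.add(item.split("/", 1)[0])
    return packages

def audit(accessibility_value, listener_value, allowlist):
    """Return (package, severity, reason) tuples for packages not on the allowlist."""
    acc = parse_components(accessibility_value) - allowlist
    lis = parse_components(listener_value) - allowlist
    findings = []
    for pkg in sorted(acc | lis):
        if pkg in acc and pkg in lis:
            # Can drive the UI and read or answer notifications: review first.
            findings.append((pkg, "high", "accessibility + notification access"))
        elif pkg in acc:
            findings.append((pkg, "medium", "accessibility service enabled"))
        else:
            findings.append((pkg, "low", "notification access only"))
    return findings

# Constructed sample values; com.example.* packages are hypothetical.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeav/com.example.fakeav.HelperService"
)
SAMPLE_LISTENERS = (
    "com.example.fakeav/com.example.fakeav.NotifyService:"
    "com.example.wearsync/com.example.wearsync.Listener"
)
ALLOWLIST = {"com.google.android.marvin.talkback"}  # assistive apps the owner trusts

if __name__ == "__main__":
    for pkg, severity, reason in audit(SAMPLE_ACCESSIBILITY, SAMPLE_LISTENERS, ALLOWLIST):
        print(f"{severity:6} {pkg}: {reason}")
```

A package that claims to be an antivirus yet holds both permissions is the combination to investigate first.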

Separately, it is noted that the malware uses a DGA (domain generation algorithm) to communicate with its control servers, which is quite rare among malware for Android.

Let me remind you that we also wrote that the newly discovered PhoneSpy spyware has already infected 1000 phones.

Helga Smith

I have always been interested in computer science, especially data security and the topic that is nowadays called "Data Science", since my teenage years. Before joining the Virus Removal team as editor-in-chief, I worked as a cybersecurity expert at several companies, including one of Amazon's contractors. Other experience: I have taught at Arden and Reading universities.
