Supprimer le virus VOMM Ransomware

Check Point analysts a découvert that SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, et Bingo Like Inc), two of which were active in the fall of 2021.

SharkBot sur Google Play

Permettez-moi de vous rappeler que RequinBot was previously reported par NCC Group experts. They said that malware usually disguises itself as antiviruses, actually stealing money from users that installed the application. RequinBot, like its counterparts Craftsart Cartoon Photo Tools contient les, FluBot, et Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot’s hallmark is its ability to perform unauthorized transactions through Automatic Transfer System (ATS) systèmes, lequel, par example, distinguishes it from TeaBot, which requires interaction with a live operator for performing malicious actions.

And also, par example, Cléafy et Xenomorph est capable d'intercepter les notifications SMS et d'en extraire les codes nécessaires dit, that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, le Royaume-Uni et les États-Unis.

À présent, Point de contrôle specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the Google Jouer au magasin, does not infect users from China, Inde, Romania, Russia, Ukraine and Belarus. En même temps, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim’s contacts.

Separately, it is noted that the malware uses DGA (Domain generation algorithm) to communicate with its control servers, which is quite rare among malwares for Android.

Permettez-moi de vous rappeler que nous avons également écrit que Découvert récemment TéléphoneSpy Logiciel espion déjà infecté 1000 Téléphone (s.

Helga Smith

J'ai toujours été intéressé par l'informatique, en particulier la sécurité des données et le thème, qui s'appelle de nos jours "science des données", depuis mon adolescence. Avant de rejoindre l'équipe de suppression de virus en tant que rédacteur en chef, J'ai travaillé comme expert en cybersécurité dans plusieurs entreprises, dont l'un des sous-traitants d'Amazon. Une autre expérience: J'ai enseigné dans les universités d'Arden et de Reading.

Laisser un commentaire

Ce site utilise Akismet pour réduire le spam. Découvrez comment vos données de commentaire est traité.

Bouton retour en haut de la page