
Check Point analysts discovered that the SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc), two of which were active in the fall of 2021.


Let me remind you that SharkBot was previously reported by NCC Group experts. They said that the malware usually disguises itself as an antivirus while actually stealing money from users who installed the application. SharkBot, like its counterparts Craftsart Cartoon Photo Tools, FluBot, and Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot's hallmark is its ability to perform unauthorized transactions through the Automatic Transfer System (ATS), which, for example, distinguishes it from TeaBot, which requires interaction with a live operator to perform malicious actions.

Also, for example, Cleafy and ThreatFabric say that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, the UK and the US.

Now, Check Point specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the Google Play Store, does not infect users from China, India, Romania, Russia, Ukraine and Belarus. At the same time, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim's contacts.

Separately, it is noted that the malware uses a DGA (domain generation algorithm) to communicate with its control servers, which is quite rare among Android malware.

Let me remind you that we also wrote that the newly discovered PhoneSpy spyware has already infected 1000 phones.

Helga Smith
