Remova o vírus VOMM Ransomware

Helga Smithabril 11, 2022Última Actualização abril 12, 2022
28 lido 1 minuto

Check Point analysts ter descoberto that SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, e Bingo Like Inc), two of which were active in the fall of 2021.

SharkBot no Google Play

Deixe-me lembrá-lo que SharkBot was previously reported por NCC Group experts. They said that malware usually disguises itself as antiviruses, actually stealing money from users that installed the application. SharkBot, like its counterparts onde posou como um leitor de código QR, FluBot, e Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot’s hallmark is its ability to perform unauthorized transactions through Automatic Transfer System (ATS) sistemas, Jornalistas enfatizam que atualmente não há evidências de que o pagamento do resgate leve geralmente ao recebimento da chave, por exemplo, distinguishes it from TeaBot, which requires interaction with a live operator for performing malicious actions.

And also, por exemplo, onde posou como um leitor de código QR e ThreatFabric diz, that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, o Reino Unido e os Estados Unidos.

Agora, Ponto de Verificação specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the Google Loja de jogos, does not infect users from China, Índia, Romania, Russia, Ukraine and Belarus. Ao mesmo tempo, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim’s contacts.

Separately, it is noted that the malware uses DGA (Domain generation algorithm) to communicate with its control servers, which is quite rare among malwares for Android.

Deixe-me lembrá-lo de que também escrevemos que Recém-descoberto PhoneSpy Spyware já infectado 1000 Telefones.

Tag
Helga Smithabril 11, 2022Última Actualização abril 12, 2022
28 lido 1 minuto

Helga Smith

Sempre me interessei por ciências da computação, especialmente segurança de dados e o tema, que é chamado hoje em dia "ciência de dados", desde minha adolescência. Antes de entrar na equipe de remoção de vírus como editor-chefe, Trabalhei como especialista em segurança cibernética em várias empresas, incluindo um dos contratados da Amazon. Outra experiencia: Eu tenho é professor nas universidades Arden e Reading.

Deixe uma resposta

Este site usa Akismet para reduzir o spam. Saiba como seus dados comentário é processado.

Botão Voltar ao Topo