Check Point analysts have discovered that the SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc), two of which were active in the fall of 2021.

Let me remind you that SharkBot was previously reported by NCC Group experts. They said that the malware usually disguises itself as an antivirus while actually stealing money from users who installed the application. SharkBot, like its counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot's hallmark is its ability to perform unauthorized transactions through the Automatic Transfer System (ATS), which, for example, distinguishes it from TeaBot, which requires interaction with a live operator to perform malicious actions.

Also, for example, the TeaBot banking Trojan was found in the Google Play Store again, and ThreatFabric says that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, the United Kingdom and the United States.

Now, Check Point specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the Google Play Store, does not infect users from China, India, Romania, Russia, Ukraine and Belarus. At the same time, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim’s contacts.

Separately, it is noted that the malware uses a DGA (domain generation algorithm) to communicate with its control servers, which is quite rare among Android malware.

Let me remind you that we also wrote that the recently discovered PhoneSpy spyware has already infected over 1000 phones.

Helga Smith
