SharkBot Trojan Again Infiltrates Google Play Store

Check Point analysts have discovered that SharkBot Android malware has once again made its way into the Google Play Store, masquerading as antivirus apps.

This time, the malware was distributed through three developer accounts (Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc), two of which were active in the fall of 2021.

SharkBot on Google Play

Let me remind you that SharkBot was previously reported by NCC Group experts. They said that the malware usually disguises itself as an antivirus while actually stealing money from users who installed the application. SharkBot, like its counterparts TeaBot, FluBot, and Oscorp (UBEL), belongs to the category of banking Trojans capable of stealing credentials from hacked devices and bypassing multi-factor authentication mechanisms. The malware first appeared on the scene in the fall of 2021.

The NCC Group report emphasized that SharkBot’s hallmark is its ability to perform unauthorized transactions through Automatic Transfer Systems (ATS), which, for example, distinguishes it from TeaBot, which requires interaction with a live operator to perform malicious actions.

Also, for example, Cleafy and ThreatFabric say that the Android Trojan SharkBot uses the Accessibility service to steal credentials from banking and cryptocurrency applications in Italy, the United Kingdom and the United States.

Now, Check Point specialists have supplemented the analysis of NCC Group and their colleagues from Cleafy with new data. They write that the malware, again seen in the Google Play Store, does not infect users from China, India, Romania, Russia, Ukraine and Belarus. At the same time, six malicious applications found by researchers were installed more than 15,000 times before being removed, and most of the victims were in Italy and the UK.

They also noticed that SharkBot has a very unusual self-distributing mechanism: it is able to automatically respond to notifications from Facebook Messenger and WhatsApp, distributing malicious links to its fake antivirus applications among the victim’s contacts.

Separately, it is noted that the malware uses a DGA (domain generation algorithm) to communicate with its control servers, which is quite rare among Android malware.

Let me remind you that we also wrote that Newly discovered PhoneSpy Spyware Already Infected Over 1000 Phones.

Helga Smith

I have always been interested in computer science, especially data security and the topic that is nowadays called "data science", since my early teens. Before joining the Virus Removal team as Editor-in-Chief, I worked as a cybersecurity expert at several companies, including one of Amazon's contractors. Another experience: I have taught at Arden and Reading universities.
