Users who have installed a Google Play Store application called “Antivirus, Super Cleaner” are being advised to uninstall it, because it contains a new-generation banking trojan called SharkBot.
According to PhoneArena, a report from UK cybersecurity company NCC Group sheds light on how the SharkBot virus works and how it bypasses the Google Play Store’s security measures.
SharkBot is a remote access banking trojan that was first discovered in October 2021. Currently, it seems that SharkBot does not have any similarities with Android viruses like TeaBot, the virus hidden in the recently discovered “QR Code & Barcode – Scanner” application. The idea behind SharkBot is to transfer money from infected devices using an automated money transfer system (ATS).
Analysts at NCC Group say SharkBot’s ATS is an advanced attack technique that allows attackers to automatically fill in fields in a mobile banking app and make money transfers without any human intervention. When SharkBot detects that the user has opened a banking application, it mirrors the bank’s login screen and, through its keylogger, sends what the user types to the attacker’s server. Moreover, according to the researchers, SharkBot can even hijack and take full control of the victim’s phone.
How does SharkBot evade the Google Play Store’s safety measures? Basically, the application “Antivirus, Super Cleaner” presents itself as an antivirus application but contains a stripped-down version of the SharkBot trojan. After the user downloads and installs “Antivirus, Super Cleaner”, it downloads the full version of the SharkBot trojan, and the trojan then starts working.