"Sharkbot Malware Found in Apps Posing as Antivirus Solutions"

Sharkbot Android malware has been discovered hiding in Google's Play Store under the guise of antivirus solutions. Google recently removed at least six fraudulent antivirus apps from the Play Store. According to a recent report, attackers used these malicious apps to spread Sharkbot malware. The infected apps had been downloaded approximately 15,000 times by the time the store deleted them. The six removed apps came from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc.

The primary function of the Sharkbot malware is to steal credentials and banking information. The malware also has unique characteristics that make it dangerous. Sharkbot tricks victims into entering their credentials in app screens that appear to be legitimate credential input forms. After a user enters their credentials, the compromised data goes to the attacker's server.

Sharkbot, according to researchers, stands out among other Android malware due to its special features. For example, it can use geofencing to ignore users from China, India, Romania, Russia, Ukraine, and Belarus. Sharkbot's toolbox also includes special evasion techniques: if the malware detects that it is running in a sandbox, it halts its execution and exits.

The malware employs a highly effective toolkit for stealing bank data. It takes over the Accessibility Service, which gives the app access to all data the user sees. Researchers found that Sharkbot also enables the app to interact with an interface as if it were a human user. Overall, Sharkbot runs 22 malicious commands, including requesting permission to send SMS messages, collecting and sending the device's contact list to a server, disabling battery optimization so the malware can run in the background, sending push messages, and imitating the user's swipe over the screen.

The use of a Domain Generation Algorithm (DGA) is another distinguishing feature of the Sharkbot arsenal. DGAs are uncommon in Android malware. A DGA is an algorithm built into malware that generates thousands of domain names, which can then be used for communication between the malware and the attacker's command-and-control (C2) servers. This article continues to discuss the distribution, tactics, and features of the Sharkbot Android malware.

Security Intelligence reports "Sharkbot Malware Found in Apps Posing as Antivirus Solutions"
