Security experts are warning crypto investors about the new SharkBot virus that steals data to banking applications and programs for working with digital assets. Owners of Android smartphones have suffered from the Trojan.
According to the Italian cybersecurity company Cleafy, the malware has been active since at least the end of October 2021. Customers in three countries were hit:
- UK (14 banking apps);
- Italy (8 banking applications);
- USA (5 cryptocurrency applications).
SharkBot’s main goal was to carry out transactions from compromised devices using an automatic transfer system (ATS), bypassing multi-factor authentication mechanisms.
“After successfully installing SharkBot on a victim’s device, access services could allow attackers to obtain confidential banking information, such as credentials, personal information, current balance, etc., as well as perform actions on the infected device,” says Cleafy.
The Trojan was installed on the phone under the guise of a media player, or applications for video calls or data recovery, but immediately after that, the program icon was hidden. After that, he began to repeatedly receive requests to provide access to various telephone services.
The settings that make it possible to carry out ATS attacks are mentioned separately. By gaining access to auto-complete fields in mobile banking applications, attackers could bypass two-factor authentication mechanisms and transfer funds from compromised devices to their accounts .
Cyber analysts claim that they have not found any coincidences with the known families of “Trojans” in SharkBot . Moreover, the virus has all the functions that are observed in its “brothers”, including:
- theft of login credentials to the banking application;
- obtaining information about credit cards;
- interception and concealment of SMS with bank notifications;
- keylogging (fixing keystrokes by the user);
- complete remote control of the infected device.
Another characteristic feature of the virus is that it is not available in the official Google Play app store. This means the malware was installed via sideloading or social engineering schemes.
How many clients have become victims of SharkBot or the amount of damage caused by the cybercriminals is unknown. The Trojan itself, however, has been hailed as a testament to how quickly new malicious software scams are being devised and how easy it is to bypass the bank and financial security precautions.
Earlier, OBOZREVATEL reported that in October 2021, using advertising with fake sites of cryptocurrency exchanges in a Google search engine, scammers took possession of assets worth half a million dollars.
Catch up on more stories here
Follow us on Facebook here