The antivirus application in the Android Market contains the SharkBot Trojan


SharkBot is a banking Trojan that initiates money transfers from compromised devices, bypassing multi-factor authentication mechanisms to steal banking and cryptocurrency service credentials from users in Italy, the UK and the USA.

SharkBot was first discovered in the wild in October 2021. Security researchers from Cleafy found it and concluded that the Trojan is not associated with other malware, such as TeaBot or Xenomorph, and has some unique functionality. For example, the Automatic Transfer System (ATS) function allows attackers to automatically transfer money from the victim’s accounts without human intervention.

Security researchers from the UK found an updated version of SharkBot on Google Play on Saturday, hidden inside an innocent-looking antivirus application.

Earlier this week, researchers from the NCC Group published a report describing how SharkBot works and how it bypasses the security measures of the Play Store. The malicious application works like a three-layer poison pill: one layer is disguised as an antivirus, the second is a simplified version of SharkBot, which is subsequently updated by downloading the full version of the malware. After that, the Trojan empties the accounts of unsuspecting users.
