A new malware is emptying bank accounts and reading OTPs
By Muhammad Juniad. Published on 06 Jan 2023

Cybersecurity experts have discovered a new malware that is targeting banking apps and crypto exchanges in Android smartphones.
It was discovered by Cleafy, a team of cybersecurity experts that helps banks and financial institutions scale up their fight against online fraud.
Named “SharkBot” by Cleafy, this trojan hacks into the banking apps installed on infected devices and can “initiate money transfers bypassing multi-factor authentication.”
“Once SharkBot is successfully installed in the victim’s device, attackers can obtain sensitive banking information through the abuse of Accessibility Services, such as credentials, personal information, current balance, etc., but also to perform gestures on the infected device,” said Cleafy in its report.
What is a Trojan?
A Trojan is malicious code or software that enters the victim’s device unnoticed and then takes control of it.
Once installed, a Trojan can read text, record keystrokes and open a doorway for more malware. It can even wipe the entire device or take it hostage by blocking data, modifying data and disrupting the device’s performance.
What makes SharkBot lethal?
SharkBot is being categorized as lethal malware because it exclusively targets banking apps and crypto exchanges and initiates bank transfers on its own.
Its new-generation technology and sophisticated operation make it even harder to detect.
Cleafy identified 22 different targets, including international banks from the UK and Italy and 5 different cryptocurrency services, that are attacked by SharkBot.
SharkBot disguises itself as a legitimate application on the device. After it is installed, no icon is displayed, while the malware obtains all the permissions it needs by activating Android Accessibility Services.
However, the permission to activate Accessibility Services is granted by users themselves.
What SharkBot does is keep showing a popup on the screen asking the user to allow access to these services. After seeing it appear multiple times on their screens, users allow the access.
How does SharkBot make its way onto the phone?
SharkBot is not available on the Google Play Store. This means there is no possibility of it entering a device through a Play Store installation.
It is installed on devices using sideloading techniques and social engineering schemes.
Sideloading is a process in which files are transferred between two devices – mobile phone to mobile phone, computer to mobile phone or mobile phone to computer.
It also applies to the transfer of apps from web sources that are not secure.
How does SharkBot transfer money out of users’ accounts?
SharkBot displays an overlay on the phone so that users enter their passwords into the wrong app. It also intercepts text messages to get access to secret codes, logs keystrokes and bypasses two-factor authentication.
However, even after gaining access to all the accessibility features, SharkBot uses only a subset of them. The malware activates only when:
- a button is clicked, text is typed or an item is selected
- a new activity is launched
- a new notification appears on the device
Once activated, SharkBot auto-fills all the fields in banking apps and initiates money transfers.
Since it also has access to text messages and notifications, it can also read one-time passwords (OTPs) sent to the user by the bank.
Can it be detected?
Cleafy says that SharkBot has a very low detection rate by antivirus software. The bot implements multiple techniques to avoid detection. The malware has been written from scratch, which makes its detection even more difficult.
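Because SharkBot depends on two things the article describes, a user-granted Accessibility Service and a sideloaded install, a manual triage of a suspect phone can cross-check the two. The script below is an added example, not code from the article or from Cleafy's report; it assumes the output formats of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the sample output in it is constructed, not captured from a real device.

```python
# Triage: which enabled accessibility services belong to apps that were not
# installed by a trusted store? Added example; input formats are assumptions.
import re

PLAY_STORE = "com.android.vending"

# Constructed sample output (not from a real device).
ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.sideloaded/com.example.sideloaded.SvcMain"
)
INSTALLED_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.android.chrome  installer=com.android.vending
"""

def parse_enabled_services(value):
    """Return (package, service class) pairs from the colon-separated setting."""
    pairs = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):          # short form ".Svc" is relative to pkg
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs

def parse_installers(listing):
    """Map package name -> installer package (None when unknown/sideloaded)."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", listing, re.M):
        pkg, inst = m.groups()
        installers[pkg] = None if inst == "null" else inst
    return installers

def flag_services(enabled_value, listing, trusted_installers=(PLAY_STORE,)):
    """Enabled accessibility services whose package came from no trusted store."""
    installers = parse_installers(listing)
    return [
        {"package": pkg, "service": cls, "installer": installers.get(pkg)}
        for pkg, cls in parse_enabled_services(enabled_value)
        if installers.get(pkg) not in trusted_installers
    ]

if __name__ == "__main__":
    for hit in flag_services(ENABLED_SERVICES, INSTALLED_PACKAGES):
        print("REVIEW:", hit)
```

Preinstalled system apps also report `installer=null`, so each hit is a lead to compare against the device's known apps, not a verdict on its own.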