Select Page

The Android banking fraud malware known as SharkBot has reared its head once again on the official Google Play Store, posing as file managers to bypass the app marketplace’s restrictions.

A majority of the users who downloaded the rogue apps are located in the U.K. and Italy, Romanian cybersecurity company Bitdefender said in an analysis published this week.

SharkBot, first discovered towards the end of 2021 by Cleafy, is a recurring mobile threat distributed both on the Google Play Store and other third-party app stores.

One of the trojan’s primary goals is to initiate money transfers from compromised devices via a technique called “Automatic Transfer System” (ATS), in which a transaction triggered via a banking app is intercepted to swap the payee account with an actor-controlled account in the background.

It’s also capable of serving a fake login overlay when users attempt to open legitimate banking apps, stealing the credentials in the process.

images from Hacker News