17/11/2021
SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts
Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on mobile devices to siphon credentials from banking and cryptocurrency services around the world.
"The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms (e.g., SCA)," the researchers said in a report.
"Once SharkBot is successfully installed in the victim's device, attackers can obtain sensitive banking information through the abuse of Accessibility Services, such as credentials, personal information, current balance, etc., but also to perform gestures on the infected device."
Masquerading as media player, live TV, or data recovery apps, SharkBot, like its other malware counterparts TeaBot and UBEL, repeatedly prompts users with rogue pop-ups to grant it wide permissions only to steal sensitive information. Where it stands apart is the exploitation of accessibility settings to carry out ATS attacks, which allow the operators to "auto-fill fields in legitimate mobile banking apps and initiate money transfers from the compromised devices to a money mule network controlled by the [threat actor]."