
A new malware is emptying bank accounts and reading OTPs

It can bypass two-factor authentication

SAMAA | Posted: Nov 17, 2021 | Last Updated: 2 weeks ago

Photo: AFP

Cybersecurity experts have discovered new malware that targets banking apps and crypto exchanges on Android smartphones.

It was discovered by Cleafy, a team of cybersecurity experts that helps banks and financial institutions scale up to fight against online fraud.

Named “SharkBot” by Cleafy, this trojan hacks into the banking apps installed on infected devices and can “initiate money transfers bypassing multi-factor authentication.”

“Once SharkBot is successfully installed in the victim’s device, attackers can obtain sensitive banking information through the abuse of Accessibility Services, such as credentials, personal information, current balance, etc., but also to perform gestures on the infected device,” said Cleafy in its report.

What is a Trojan? 

A Trojan is malicious code or software that enters a victim’s device unnoticed and then takes control of the device.

A Trojan, once installed, can read text, record keystrokes and open a doorway for more malware. It can even wipe the entire device clean or take it hostage by blocking data, modifying data and disrupting the device’s performance.

What makes SharkBot lethal? 

SharkBot is being categorized as lethal malware because it targets only banking apps and crypto exchanges and initiates bank transfers.

Its new-generation technology and sophisticated operation make it even harder to detect.

Cleafy identified 22 different targets, including international banks from the UK and Italy, and 5 different cryptocurrency services that are attacked by SharkBot.

SharkBot hides itself as a legitimate application on a device. After it is installed, no icon is displayed while the malware gets all the permissions it needs by activating Android Accessibility Services. 

However, the permission to activate accessibility services is given by users themselves.

SharkBot keeps showing a popup on the screen asking the user to allow access to these services. After seeing it appear multiple times on their screens, users allow the access.

Source: Cleafy

How does SharkBot make its way into the phone?

SharkBot is not available on the Google Play Store. This means it cannot enter a device through an app installation from the store.

It is installed on devices using sideloading techniques and social engineering schemes.

Sideloading is a process in which files are transferred between two devices: mobile phone to mobile phone, computer to mobile phone, or mobile phone to computer.

It also applies to the transfer of apps from web sources that are not secure. 
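A device-side check for the combination described above, a sideloaded app that holds an enabled accessibility service. This is an added example, not code from Cleafy's report or from this article. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`; the sample output, the `com.example.*` package names and the trusted-installer list are constructed assumptions.

```python
# Added example. Inputs are constructed samples; com.example.* names are invented.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

def parse_enabled_services(raw):
    """Split the colon-separated 'package/class' setting into (package, component)."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset: no service enabled
        return []
    return [(c.split("/", 1)[0], c) for c in raw.split(":") if "/" in c]

def parse_installers(raw):
    """Map package -> installer from 'package:<name>  installer=<name>' lines."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field.split("=", 1)[1]
        installers[fields[0]] = None if installer == "null" else installer
    return installers

def flag_sideloaded_services(services_raw, third_party_raw):
    """Enabled accessibility components owned by third-party packages
    that were not installed by a trusted store."""
    installers = parse_installers(third_party_raw)
    flagged = []
    for package, component in parse_enabled_services(services_raw):
        # Packages absent from the '-3' listing are preinstalled system apps.
        if package in installers and installers[package] not in TRUSTED_INSTALLERS:
            flagged.append((component, installers[package] or "unknown/sideloaded"))
    return flagged

# Constructed sample of the two command outputs.
SERVICES = ":".join([
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
    "com.example.mediaplayer/com.example.mediaplayer.HelperService",
    "com.example.passwords/com.example.passwords.AutofillService",
    "com.example.cleaner/com.example.cleaner.BoostService",
])
THIRD_PARTY = """package:com.example.mediaplayer  installer=null
package:com.example.passwords  installer=com.android.vending
package:com.example.cleaner  installer=com.google.android.packageinstaller
"""
```

A flagged entry is a lead for review, not a verdict: legitimate apps installed from other stores will also appear.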

How does SharkBot transfer money out of users’ accounts?

SharkBot implements an overlay on mobile phones so that users enter passwords into the wrong app. It also intercepts text messages to get access to secret codes, logs keystrokes and bypasses two-factor authentication.

However, even after gaining access to all the accessibility features, SharkBot only uses a subsection of these features. The malware activates only when: 

  • a button is clicked, text is typed or an item is selected 
  • a new activity is launched 
  • a new notification appears on the device 

Once activated, SharkBot auto-fills all the fields in banking apps and initiates money transfers.

Source: Cleafy

Since it also has access to text messages and notifications, it can also read the one-time password (OTP) sent to the user by the bank.

Can it be detected? 

Cleafy says that SharkBot has a very low detection rate by antivirus software. The bot implements multiple techniques to avoid detection. The malware has been written from scratch, which makes its detection even more difficult.
