Date: 2022-03-08

Another infected app has passed the Play Store's pre-publication checks unscathed and has been installed by over a thousand users, putting the bank accounts of the smartphone owners at risk. The app in question, a fake antivirus, contained the SharkBot malware, which researchers from NCC Group describe as very dangerous.









NCC Group and other research teams have found an increase over the last year in the circulation of Android malware and, in particular, of banking trojans. In other words, viruses that, with more or less sophisticated techniques, manage to steal the credentials for bank accounts or credit cards and then proceed to steal money from the victims. SharkBot is one such malware and, in the last year, it has evolved and changed to become more dangerous because, in a certain sense, it has been “automated”: the hacker no longer needs to act personally to make payments from the victim's account to his own accounts; the virus does everything on its own.

Which infected app was discovered

The app that contained SharkBot is called “Antivirus, Super Cleaner”, was published by “Zbynek Adamcik” and was last updated on February 10, 2022, to version 1.5. The app has now been removed by Google and is no longer available on the Play Store.

As the name implies, the infected app pretended to be antivirus software that, in addition, optimized the Android smartphone by deleting unnecessary files and clearing the memory.

In reality, however, the app preferred to clean out the bank accounts of those who installed it on their smartphone, by installing the SharkBot virus shortly after the first launch.

SharkBot: how it works

As the NCC Group researchers describe, SharkBot is a very clever malware and, therefore, very dangerous. Basically, SharkBot sits in the background and waits for the user to open their bank's app. At this point SharkBot takes control of the smartphone, obscures the bank's legitimate app and displays a fake screen that imitates it.

Thus, the user enters the login data in the fake screen and not in the real app. That data is then immediately sent to the virus's Command & Control server, which will use it to access the victim's account.

So far, this is what many other viruses do too, but SharkBot can do something extra: it can gain full control of an Android smartphone, if the user makes the mistake of granting the complete permissions to access the device, and use this ability to automatically fill in the fields on the screens of the banks' legitimate apps in order to make transfers.

Basically, the virus first shows a fake screen that mimics the bank's app, to steal the account credentials, and then opens the real app and interacts with it independently to make automated money transfers.

SharkBot: how to defend yourself

All this, as is easy to understand, is very dangerous, also because nothing prevents hackers from using the same techniques with apps other than banking ones: social networks, chat, e-mail.

The key to this whole system, however, is fortunately in the hands of the user: to act undisturbed, SharkBot needs the user to grant full permissions to the fake antivirus app.

For this reason, the advice is always the same: never grant permissions to apps that are not 100% trustworthy or that do not have a well-known and reachable developer and, above all, read carefully which permissions are requested and do not grant anything if an app asks for a permission that, in theory, it should not need in order to work.
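
The permission check recommended above can also be done on an app's decoded manifest before it is installed. The script below is an added example, not code from NCC Group or from the article: the manifest is a constructed sample (not taken from the real app), and both the "expected for a cleaner" baseline and the device-control list are assumptions built from standard Android permission names, since the article does not name the permissions SharkBot requests.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumption: permissions a file cleaner plausibly needs for its stated job.
EXPECTED_FOR_CLEANER = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.INTERNET",
}
# Standard Android permissions that let an app draw over or drive other apps.
DEVICE_CONTROL = {
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}

# Constructed sample manifest (hypothetical package, not the real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.supercleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""


def audit_manifest(xml_text, expected=EXPECTED_FOR_CLEANER):
    """Return (unexpected, device_control) permission sets for one manifest."""
    root = ET.fromstring(xml_text)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Services and receivers name the permission their binder must hold; this is
    # where accessibility, device-admin and notification-listener access appear.
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            requested.add(comp.get(ANDROID + "permission"))
    requested.discard(None)
    unexpected = requested - expected
    return unexpected, unexpected & DEVICE_CONTROL


if __name__ == "__main__":
    unexpected, control = audit_manifest(SAMPLE_MANIFEST)
    for perm in sorted(unexpected):
        label = "DEVICE CONTROL" if perm in control else "unexpected"
        print(f"{label:15} {perm}")
```

Anything reported as device control for an app whose stated purpose is cleaning files is the kind of request the advice above says to refuse.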