The SharkBot malware family, first identified in the fall of last year, is once again at the center of attention. It appears to have made a comeback with an improved and more dangerous version.

The threat affects Android, where the malware, which targets banking and crypto apps, has recently re-emerged with the ability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by analyst Alberto Segura and intelligence analyst Mike Stokkel on their Twitter accounts on September 2.

According to Segura, the new version of the malware was identified on August 22 and, in his words, “It can perform overlay attacks, steal data via keylogging, intercept SMS messages, or provide complete remote control of the host device by abusing accessibility services.”

This is no small matter, not least because the new version was found inside two Android apps, ‘Mister Phone Cleaner’ and ‘Kylhavy Mobile Security’, which since their debut in the Play Store have accumulated 50,000 and 10,000 total downloads respectively. The two apps reached the Play Store unhindered because Google’s automated code review did not detect any malicious code.

They have now been removed, but according to some security experts, users who installed them without knowing their real purpose may still be at risk and should remove them manually.

An in-depth analysis by Italian security firm Cleafy found that SharkBot has 22 targets, which include five cryptocurrency exchanges and a number of international banks in the US, UK and Italy. As for the method of attack, the previous version of SharkBot relied on accessibility permissions to automatically install the SharkBot dropper malware, while this new version instead asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.

The malware is therefore not present in the application itself, which makes the problem even more serious. Once it is installed, when the victim logs into their bank or crypto account, SharkBot is able to steal the valid session cookie via the “logsCookie” command, which essentially bypasses any authentication or fingerprinting method used.

According to Cleafy’s first analysis of SharkBot, the malware’s main goal was to initiate money transfers from compromised devices using the Automatic Transfer Systems (ATS) technique, thereby bypassing multi-factor authentication mechanisms.
