New Delhi: ‘SharkBot.’ This is the name of a new Android Trojan that can put users’ financial data and money at risk by circumventing multi-factor authentication on banking apps on smartphones.
It has been found in attacks across Europe and the US, focused on stealing funds from mobile phones running the Google Android operating system.
“The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms,” researchers from cyber security firm Cleafy said in a statement, news agency IANS reported.
“These mechanisms are used to enforce users’ identity verification and authentication, and are usually combined with behavioural detection techniques to identify suspicious money transfers,” the team added.
‘SharkBot’ appears to have a very low detection rate by antivirus solutions since multiple anti-analysis techniques have been implemented, said researchers.
Once SharkBot is successfully installed on the victim’s device, attackers can abuse Accessibility Services to obtain sensitive banking information, such as credentials, personal information, current balance, etc., and also to perform gestures on the infected device.
‘SharkBot’ belongs to a “new” generation of mobile malware, as it is able to perform ATS attacks inside the infected device.
This technique has already been seen recently in other banking trojans, such as Gustuff.
ATS is an advanced attack technique (fairly new on Android) that enables attackers to auto-fill fields in legitimate mobile banking apps and initiate money transfers from compromised devices.
The malicious app is installed on the users’ devices using both the side-loading technique and social engineering schemes, the report said.
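Because the report ties the attack to side-loaded apps that abuse Accessibility Services, one defensive check is to list which apps hold accessibility access on a device and where they were installed from. The sketch below is an added example, not code from Cleafy or the report; the package names and command outputs are constructed samples, and the trusted-installer list is an assumption.

```python
import re

# Installer packages treated as trusted stores (assumption; adjust to local policy).
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.mediaplayer/.core.HelperService"
)

# Constructed sample of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.mediaplayer  installer=null
package:com.example.bank  installer=com.android.vending
"""

def parse_services(raw):
    """Split the colon-separated component list into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # no accessibility service enabled
        return []
    pairs = []
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            pairs.append((pkg, cls))
    return pairs

def parse_installers(raw):
    """Map package name to installer package (None when no installer is recorded)."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)$", raw, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def flag_sideloaded_services(services_raw, packages_raw):
    """Return accessibility services whose package did not come from a trusted store."""
    installers = parse_installers(packages_raw)
    return [
        (pkg, cls, installers.get(pkg))
        for pkg, cls in parse_services(services_raw)
        if installers.get(pkg) not in TRUSTED_INSTALLERS
    ]

if __name__ == "__main__":
    for pkg, cls, inst in flag_sideloaded_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW: {pkg} ({cls}) has accessibility access, installer={inst}")
```

Pre-installed system apps can also report no installer, so a finding is a prompt for manual review rather than proof of infection.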