Dangerous Malware Disguised as Antivirus Software


It is so easy to become complacent in our cybersecurity behaviors. But Android users should be given a shake this week and alerted to malware that users are unknowingly installing when they think they are downloading antivirus apps from the Google Play store. Six different cases were found to contain the Sharkbot malware in recent days. Initially discovered in October of 2021, this banking trojan makes money transfers by stealing credentials and banking information.

Sharkbot is a type of malware that presents what appears to be a legitimate application and login form. Users enter all the necessary details there and are immediately compromised, with those details transferred to a hostile server. It can also carry out other malicious behaviors and tasks on a device in addition to stealing login credentials. An example of this might be intercepting your bank communications that are sent through SMS text messages. It also has the capacity to bypass multi-factor authentication that is in place. It initiates money transfers via Automatic Transfer Systems, known as ATS, which is used to better authenticate user IDs and flag suspicious money transfers.

Who is (Currently) Targeted?

While no one can avoid being a target of cybercrime, the targets in this case are Android users. In fact, as many as 15,000 users downloaded and installed one of the applications before they were removed. Sharkbot malware has not been attacking every user but has been attacking a subset of these users: by using geofence technology, the attackers identify and avoid users from China, India, Ukraine, Belarus, and Russia.

The six infected apps came from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. The apps included Powerful Cleaner, Atom Clean-Booster, Alpha Antivirus, and others.

While these apps have since been removed from the Google Play store, if you or any of your clients downloaded them prior to their removal, they should be uninstalled immediately. What we learn from situations like this is that maintaining a strong cybersecurity posture is a war that does not end once a training course is taken or a breach occurs. The need for awareness, training and research into the cybercrime tactics being used will never go away as long as we are using electronic devices to share and store our data. Your service offering should include ongoing training, and that training should always be an integral part of your client's business process.

The post Dangerous Malware Disguised as Antivirus Software appeared first on Breach Secure Now!.