skip to Main Content

Cybercrime, SharkBot is back with new features

SharkBot is back with new features. Fox-It cybersecurity experts: The malware is spread by malicious mobile security apps and the dropper asks the victim to install the trojan

SharkBot is back, spread by malicious Android mobile security apps. This has been discovered by Fox-It cybersecurity experts, who detected the dropper active in Google Play. However, the new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats. Researchers found two SharkbotDopper apps active in Google Play Store, with 10K and 50K installs each of them. The updated malware version detects the action of a victim opening a banking application and performs an additional injection or an overlay attack to steal credentials. It shows the victim a phishing website in web view when the banking application is opened, stealing the credentials they use to log in via the fake website. Furthermore, it has also a keylogging feature.

Back To Top