The rar attachment contains an exe file: the malware itself. Objective: to steal information from the victim.
Sharkbot is an Android banking stealer disguised as an AV. Check Point cybersecurity experts: the malware steals credentials and banking information. It was spread via the Google Play Store. Many victims are from Italy and the UK.
Sharkbot is an Android banking stealer disguised as a legitimate anti-virus app on the Google Play Store. It was discovered by Check Point cybersecurity experts. The malware steals credentials and banking information and, so far, it has hit at least 1,000 unique IP addresses, most of them from Italy and the UK. The malicious code lures victims into entering their credentials in windows that mimic benign credential input forms. The compromised data is then sent to a malicious server. Sharkbot doesn’t target every potential victim it encounters, but only selected ones: it uses a geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus. Researchers spotted a total of six different applications in the Google Play Store that were spreading Sharkbot and reported them to Google, which removed them. But it seems they have been downloaded over 15,000 times.