Google Removes A Potentially Dangerous Banking Malware From The Play Store

Check Point Research discovered at least six separate applications on Google Play over the last month that were posing as legitimate antivirus software but were being utilized to install SharkBot on the smartphones of users who downloaded the apps. In the relatively short time that they were available, the six apps were downloaded over 15,000 times from three different developer accounts.
SIA Team
April 9, 2022

The malware, dubbed “next-generation” by its discoverer, uses the compromised Android device to steal money from bank accounts while the victim is logged in, circumventing multi-factor authentication safeguards in the process. SharkBot can also steal credentials and credit card information, and it comes with several capabilities that make detection more difficult or time-consuming.


SharkBot’s use of a Domain Generation Algorithm (DGA) to continually switch its C2 domains, which makes blocking the threat more difficult, is something Check Point researchers have rarely seen in Android malware. SharkBot also has a geofencing feature that prevents the malware from executing on Android devices in China, Russia, Ukraine, India, Belarus, and Romania.
“A malicious client and hostile actor can update the C2 server in concert, without any communication,” explains Alexander Chailytko, Check Point Software’s cybersecurity research and innovation manager. SharkBot can produce 35 domains per week using the DGA, which complicates the task of blocking the malware operators’ servers, according to him.
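To make the DGA behaviour concrete, the following is an added example, not SharkBot’s real algorithm and not code from the Check Point report: a hypothetical week-seeded generator shows how a client and its operator derive the same 35 domains without communicating, and the defender reuses the same function to precompute the week’s candidate domains and check constructed DNS log lines against them. The shared seed, TLD list and log format are assumptions.

```python
import hashlib
import datetime as dt

# Hypothetical DGA for illustration only (not SharkBot's algorithm): a shared
# secret plus the ISO week number seeds a hash chain, so client and operator
# compute identical domains for the week without ever exchanging them.
SHARED_SEED = b"example-seed-placeholder"   # constructed placeholder value
DOMAINS_PER_WEEK = 35                        # figure reported in the article
TLDS = ["com", "net", "org", "info"]         # constructed TLD choice
SAMPLE_DATE = dt.date(2022, 4, 9)            # article date, ISO week 14

def weekly_domains(date, seed=SHARED_SEED):
    """Return the deterministic list of candidate C2 domains for the ISO week of `date`."""
    year, week, _ = date.isocalendar()
    state = hashlib.sha256(seed + f"{year}-{week}".encode()).digest()
    domains = []
    for i in range(DOMAINS_PER_WEEK):
        state = hashlib.sha256(state + bytes([i])).digest()
        label = state.hex()[:12]             # random-looking 12-char label
        tld = TLDS[state[-1] % len(TLDS)]    # last byte picks the TLD
        domains.append(f"{label}.{tld}")
    return domains

def flag_dga_lookups(log_lines, date):
    """Defender side: precompute this week's domains and return log lines that resolve one."""
    blocklist = set(weekly_domains(date))
    hits = []
    for line in log_lines:
        parts = line.split()                 # "<timestamp> <client-ip> <queried-name>"
        if len(parts) >= 3 and parts[2].lower().rstrip(".") in blocklist:
            hits.append(line)
    return hits

# Constructed DNS log lines; the third one queries a domain the generator predicts for this week.
SAMPLE_LOGS = [
    "2022-04-09T10:00:01 10.0.0.7 play.google.com",
    "2022-04-09T10:00:02 10.0.0.7 update.example-bank.test",
    f"2022-04-09T10:00:03 10.0.0.7 {weekly_domains(SAMPLE_DATE)[3]}",
    "2022-04-09T10:00:04 10.0.0.9 connectivitycheck.gstatic.com",
]

if __name__ == "__main__":
    for hit in flag_dga_lookups(SAMPLE_LOGS, SAMPLE_DATE):
        print("predicted DGA domain queried:", hit)
```

Once the generator has been reverse-engineered, the same precomputation lets a defender register or sinkhole next week’s domains ahead of the malware, which is the practical response to a DGA rather than reactive per-domain blocking.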


Because all of SharkBot’s harmful actions are triggered via the command-and-control server, Chailytko claims that the malicious app can remain in an “OFF” state in Google Play for a test period and then become “ON” once it reaches the users’ devices.


A week later, Google removed the rogue apps from Google Play. Less than a week after that, Check Point detected two more apps carrying the malware on Google Play, and then again a week later. Google’s security staff acted fast on both occasions to eliminate the threats before they could be downloaded by consumers.