Goin N' Ballzdiep
Familiar Face
The SharkBot malware family was first identified in October of last year, and since then, it has developed new techniques for breaking into users' Android-based bank and cryptocurrency apps. Additionally, a recently updated version of malware that targets banking and cryptocurrency software has just appeared on the Google Play market. It now has the capacity to gather cookies from account logins and get around biometric or authentication restrictions.
On Friday, Mike Stokkel, a medical intelligence analyst, and malware analyst Alberto Segura, a malware analyst, jointly posted a warning on Twitter about the most recent iteration of the virus and a link to a paper they co-authored for the Fox IT blog.
I have quoted the twitter post below:
SharkBot has identified 22 targets, including five cryptocurrency exchanges and a number of international institutions in the United States, the United Kingdom, and Italy, according to a thorough investigation by the Italian security firm Cleafy. The previous version of the malware "relied on accessibility rights to automatically execute the installation of the dropper SharkBot malware," according to its method of attack.
However, the most recent version "requests the user to install the malware as a bogus update for the antivirus to stay protected against threats." Once installed, SharkBot can use the command "logsCookie" to steal a victim's legitimate session cookie when they sign into their bank or cryptocurrency account, bypassing any biometric or authentication measures.
This goes to show that there are apps out there that have no other purpose other than to steal your information and just because it is on the app store does not mean it is safe! Please do your own due diligence and research the apps you are downloading. Always be on edge when anything asks you to sign into your bank or any crypto wallet.
On Friday, Mike Stokkel, a medical intelligence analyst, and malware analyst Alberto Segura, a malware analyst, jointly posted a warning on Twitter about the most recent iteration of the virus and a link to a paper they co-authored for the Fox IT blog.
I have quoted the twitter post below:
SharkBot has identified 22 targets, including five cryptocurrency exchanges and a number of international institutions in the United States, the United Kingdom, and Italy, according to a thorough investigation by the Italian security firm Cleafy. The previous version of the malware "relied on accessibility rights to automatically execute the installation of the dropper SharkBot malware," according to its method of attack.
However, the most recent version "requests the user to install the malware as a bogus update for the antivirus to stay protected against threats." Once installed, SharkBot can use the command "logsCookie" to steal a victim's legitimate session cookie when they sign into their bank or cryptocurrency account, bypassing any biometric or authentication measures.
This goes to show that there are apps out there that have no other purpose other than to steal your information and just because it is on the app store does not mean it is safe! Please do your own due diligence and research the apps you are downloading. Always be on edge when anything asks you to sign into your bank or any crypto wallet.
