SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts

Yash Gohel
Nov 17, 2021

Since late October 2021, a new Android Trojan named SharkBot has been affecting multiple Android devices in 24 countries, including the US.

What is SharkBot

SharkBot is an Android Trojan that compromises banking and crypto apps to hijack passwords, PINs and SMS messages and to perform unauthorized transactions.

How

  • It uses Android’s accessibility feature to log keyboard input and to read private SMS.
  • This payload is injected into some popular player apps.

Detection

SharkBot uses several anti-analysis and detection-evasion techniques:

  • Hidden icon. It hides the app’s icon from the device screen.
  • Anti-delete. Like other malware, SharkBot uses the Accessibility Services to prevent the user from uninstalling the malicious application from Settings.
  • Encrypted communication. All communication between the malware and the C2 is encrypted and encoded with Base64. In addition to this, SharkBot uses a Domain Generation Algorithm (DGA).

Prevention

  • Don’t install any suspicious apps, and don’t grant unnecessary app permissions.
  • Many devices come with a Secure Keyboard feature, which prevents keyboard logging.
  • Use two-step verification or biometric login if possible.
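
An added example, not from the original post: a defender-side audit of which user-installed apps hold an enabled accessibility service, the capability SharkBot relies on for keylogging, SMS reading and blocking uninstallation. The package names and command outputs are constructed samples; the inputs are assumed to be captured from `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`.

```python
import re

# Constructed sample output of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_ENABLED = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.mediaplayer/com.example.mediaplayer.core.HelperService"
)
# Constructed sample output of: adb shell pm list packages -3 -i
SAMPLE_PACKAGES = """\
package:com.example.mediaplayer  installer=null
package:com.example.notes  installer=com.android.vending
package:org.example.passwords  installer=com.android.vending
"""

def parse_enabled_services(raw):
    """Return {package: [service class, ...]} from the colon-separated setting."""
    services = {}
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: nothing is enabled
        return services
    for component in raw.split(":"):
        pkg, sep, cls = component.strip().partition("/")
        if not sep or not pkg:
            continue                      # skip malformed entries
        if cls.startswith("."):           # short form is relative to the package
            cls = pkg + cls
        services.setdefault(pkg, []).append(cls)
    return services

def parse_third_party(raw):
    """Return {package: installer or None} for user-installed packages."""
    found = {}
    for m in re.finditer(r"^package:(\S+)(?:[ \t]+installer=(\S+))?", raw, re.M):
        installer = m.group(2)
        found[m.group(1)] = None if installer in (None, "null") else installer
    return found

def audit(enabled_raw, packages_raw, allowlist=()):
    """List user-installed apps that hold an enabled accessibility service."""
    third_party = parse_third_party(packages_raw)
    findings = []
    for pkg, classes in sorted(parse_enabled_services(enabled_raw).items()):
        if pkg in third_party and pkg not in allowlist:
            findings.append({"package": pkg, "services": classes,
                             "installer": third_party[pkg]})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENABLED, SAMPLE_PACKAGES):
        print(finding)
```

Each finding is an app to review by hand; pass accessibility tools you knowingly installed in `allowlist` so they are not reported.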

Originally published at https://blog.planckstudio.in on November 17, 2021.
