sharkbot (3)

10812254669?profile=RESIZE_400xThe Android banking trojan known as SharkBot has once again made an appearance on the Google Play Store by masquerading as antivirus and cleaner apps. This new dropper does not rely on Accessibility permissions to automatically install the dropper Sharkbot malware.  This new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.

See:  https://redskyalliance.org/xindustry/don-t-get-bitten-by-sharkbot

The apps in question, Mister Phone

10807323087?profile=RESIZE_400xActivity Summary - Week Ending on 9 September 2022:

  • Red Sky Alliance identified 22,128 connections from new IP’s checking in with our Sinkholes
  • storeiq[.]eu in Poland hit 24x
  • Analysts identified 2,085 new IP addresses participating in various Botnets
  • Samsung Hack
  • Samsung’ Rebuttal
  • SharkBot
  • 3rd Party Vulnerabilities
  • AI Lessons
  • Eni in Italy
  • US – LA School District Hit

Link to full report: IR-22-252-001_weekly252.pdf

9837181474?profile=RESIZE_400xA new Android banking trojan has been discovered targeting international banks and cryptocrrency services from the United Kingdom, Italy and the US.  Twenty-two instances have been reported so far.  The malware, first detected at the end of October 2021, appears to be new and is still being developed.  It was discovered by Cleafy, an Italian fraud detection and prevention firm.  Cleafy calls it ‘SharkBot’, named after the frequency of the word ‘sharked’ in its binaries.

SharkBot is not found in