SharkBot Banking malware masquerades as Android antivirus app

SharkBot Banking malware masquerades as Android antivirus app
Russell Kidson

Russell Kidson

  • Updated:

Malware analysts have uncovered a threat actor behind a particularly nasty Android banking app trojan named SharkBot. SharkBot has evaded Google Play Store’s security framework for a while, hiding within the coding of deceptive antivirus apps. 

Similar to its contemporaries, TeaBot, Oscorp (UBEL), and FluBot, SharkBot belongs to a virulent category of financially-centered malicious software designed to gain access to users’ banking information. It is able to achieve this by circumventing complex authentication mechanisms and thus siphon banking app credentials and initiating financial transfers from infected devices.

SharkBot does, however, have a few key differences to its contemporaries that make it a far more dangerous trojan. While other malicious software like TeaBot requires a live operator to remotely interact with the compromised device, SharkBot is capable of leveraging Automatic Transfer Systems. This means that it can carry out unauthorized financial transactions without a third party interacting with infected devices. 

In a recent report, malware analysts at the NCC Group cybersecurity firm said the following: ‘The ATS features allow the malware to receive a list of events to be simulated, and they will be simulated in order to do the money transfers. Since these features can be used to simulate touches/clicks and button presses, it can be used to not only automatically transfer money but also install other malicious applications or components.’

What this means is that once SharkBot has infiltrated a user’s device, it can virtually do anything. It’s able to record touches and keystrokes, create false overlays to trick you into interacting with it instead of your legitimate apps, and even install other malware without your knowledge. 

Four apps have been identified on Google Play as containing the trojan. All four are antivirus apps:

  • Super Cleaner
  • Atom Clean-Booster
  • Alpha Antivirus
  • Powerful Cleaner

Combined, these apps have been installed around 57,000 times since SharkBot was released. 

The worst aspect about this virus being injected into fake antivirus apps is that they’re apps that antivirus protection is a class of application every Android user should have. So how do you know which antivirus to trust? 

The best precaution is to go with a name you trust. Luckily, antivirus providers like Avast, Norton, and Malwarebytes have mobile clients. Android phones also usually come preloaded with antivirus software, most often supported by Avast. Why not check out our verdict on the mobile clients of your favorite antivirus providers?

Malwarebytes cyberprotection FREE DOWNLOAD
Russell Kidson

Russell Kidson

I hail from the awe-inspiring beauty of South Africa. Born and raised in Pretoria, I've always had a deep interest in local history, particularly conflicts, architecture, and our country's rich past of being a plaything for European aristocracy. 'Tis an attempt at humor. My interest in history has since translated into hours at a time researching everything from the many reasons the Titanic sank (really, it's a wonder she ever left Belfast) to why Minecraft is such a feat of human technological accomplishment. I am an avid video gamer (Sims 4 definitely counts as video gaming, I checked) and particularly enjoy playing the part of a relatively benign overlord in Minecraft. I enjoy the diverse experiences gaming offers the player. Within the space of a few hours, a player can go from having a career as an interior decorator in Sims, to training as an archer under Niruin in Skyrim. I believe video games have so much more to teach humanity about community, kindness, and loyalty, and I enjoy the opportunity to bring concepts of the like into literary pieces.

Latest from Russell Kidson

Editorial Guidelines