At the end of October, security researchers at Cleafy found new malware that did not appear to belong to any known family. Dubbed SharkBot, the malware has been traced to attacks focused on stealing funds from vulnerable handsets running the Android operating system. Based on the research, the botnet appears to be private and still in the development stage. SharkBot is modular malware that researchers say belongs to the next generation of mobile malware, able to perform attacks based on the Automatic Transfer System (ATS), which allows attackers to automatically fill in fields on an infected device. Cleafy suggests that SharkBot uses this technique in an attempt to bypass behavioral analytics, biometric checks, and multi-factor authentication (MFA). Once executed, the malware immediately requests accessibility permissions and bombards the victim with pop-ups until it obtains access. SharkBot then quietly performs standard window overlay attacks to steal credentials and credit card information, carries out ATS-based theft, and can also log keystrokes and intercept or hide incoming SMS messages.
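A defender-side triage for the behaviour described above, as an added example that is not from Cleafy or the original page: it takes the value of Android's `enabled_accessibility_services` secure setting and a per-package list of granted permissions, flags packages outside an allowlist that run an accessibility service, and escalates those that can also read incoming SMS. The package names, allowlist and sample inventory are constructed, and the permission pairing is an assumed heuristic, not a SharkBot signature.

```python
# Added example: constructed data, hypothetical package names and allowlist.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

def parse_accessibility_setting(value):
    """Return the package names in a colon-separated list of
    'package/ServiceClass' components (the format of the secure setting
    enabled_accessibility_services; 'null' means nothing is enabled)."""
    packages = set()
    for component in value.strip().split(":"):
        component = component.strip()
        if not component or component == "null":
            continue
        packages.add(component.split("/", 1)[0])
    return packages

def triage(setting_value, granted, allowlist):
    """Flag non-allowlisted packages that hold an accessibility service.
    'high' when the package can also read incoming SMS, else 'review'."""
    findings = []
    for pkg in sorted(parse_accessibility_setting(setting_value)):
        if pkg in allowlist:
            continue
        sms = sorted(SMS_PERMS & set(granted.get(pkg, ())))
        findings.append((pkg, "high" if sms else "review", sms))
    return findings

# Constructed sample: one approved screen reader and two hypothetical apps.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.mediaplayer/com.example.mediaplayer.HelperService:"
    "com.example.notes/.SyncService"
)
SAMPLE_GRANTED = {
    "com.example.mediaplayer": ["android.permission.INTERNET",
                                "android.permission.RECEIVE_SMS"],
    "com.example.notes": ["android.permission.INTERNET"],
}
ALLOWLIST = {"com.google.android.marvin.talkback"}

if __name__ == "__main__":
    for pkg, severity, sms in triage(SAMPLE_SETTING, SAMPLE_GRANTED, ALLOWLIST):
        print(f"{severity:6} {pkg} sms_permissions={sms}")
```
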
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is