Cybersecurity researchers have discovered a new Android Trojan that can circumvent multi-factor authentication on banking apps on smartphones, putting users’ financial data and money at risk.
Called ‘SharkBot’, the Android malware has been found in attacks across Europe and the US, focused on stealing funds from mobile phones running the Google Android operating system.
“The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms,” the researchers from cyber security firm Cleafy said in a statement.
“These mechanisms are used to enforce users’ identity verification and authentication, and are usually combined with behavioural detection techniques to identify suspicious money transfers,” the team added.
‘SharkBot’ appears to have a very low detection rate by antivirus solutions since multiple anti-analysis techniques have been implemented.
“Once SharkBot is successfully installed in the victim’s device, attackers can obtain sensitive banking information through the abuse of Accessibility Services, such as credentials, personal information, current balance, etc., but also to perform gestures on the infected device,” the researchers informed.
‘SharkBot’ belongs to a “new” generation of mobile malware, as it is able to perform ATS attacks inside the infected device.
This technique has already been seen recently from other banking trojans, such as Gustuff.
ATS (Automatic Transfer System) is an advanced attack technique (fairly new on Android) that enables attackers to auto-fill fields in legitimate mobile banking apps and initiate money transfers from compromised devices.
The malicious app is installed on the users’ devices using both the side-loading technique and social engineering schemes, the report said.