Researchers have uncovered a new Android Trojan that can bypass multi-factor authentication on banking apps, putting users’ financial information and money at risk.
The Android malware, dubbed ‘SharkBot,’ has been discovered in attacks across Europe and the United States and is focused on stealing funds from mobile phones running the Google Android operating system.
The researchers from cyber security firm Cleafy said in a statement, “The main goal of SharkBot is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms.”
The team added, “These mechanisms are used to enforce users’ identity verification and authentication, and are usually combined with behavioural detection techniques to identify suspicious money transfers.”
Since many anti-analysis techniques have been implemented, ‘SharkBot’ appears to have a very low detection rate by antivirus solutions.
The researchers said, “Once SharkBot is successfully installed in the victim’s device, attackers can obtain sensitive banking information through the abuse of Accessibility Services, such as credentials, personal information, current balance, etc., but also to perform gestures on the infected device.”
As it can launch ATS attacks inside the affected device, ‘SharkBot’ belongs to a “new” generation of mobile malware.
Other banking trojans, such as Gustuff, have used this technique in the recent past.
ATS (Automatic Transfer System) is a sophisticated attack technique, still relatively new on Android, that allows attackers to auto-fill fields in legitimate mobile banking apps and initiate money transfers from compromised devices.
According to the report, the malicious app is installed on users’ devices via both side-loading and social engineering schemes.