
There Is A Virus In The Antivirus: Delete This App

NCC Group has discovered a new app infected by a new version of SharkBot: a fake antivirus that attacks current accounts. Yet another infected app passed the pre-publication checks on the Play Store unscathed and was installed by over a thousand users, putting the current accounts of those smartphone owners at risk. According to NCC Group researchers, the app in question, a fake antivirus, contained the SharkBot malware, which is very dangerous.

Over the last year, NCC Group and other research teams found an increase in the circulation of Android malware and, in particular, of banking Trojans. In other words, viruses that, with more or less sophisticated techniques, manage to steal the credentials for current accounts or credit cards and then steal money from the victims. SharkBot is one of these, and in the last year it has evolved and changed, becoming more dangerous because, in a certain sense, it is “automated”: the hacker does not need to act personally to make payments from the victim’s account to his own accounts. The virus does it all independently.

Which Infected App Was Discovered

The app that contained SharkBot is called “Antivirus, Super Cleaner”. It was published by “Zbynek Adamcik” and was last updated on February 10, 2022, to version 1.5. The app has been removed from Google Play and is no longer available on the Play Store.

As the name implies, the infected app pretended to be antivirus software that also optimized the Android smartphone by deleting useless files and cleaning up the memory. In reality, however, the app preferred to clean out the current accounts of those who installed it, by installing the SharkBot virus shortly after the first start.

SharkBot: How It Works

As the NCC Group researchers describe, SharkBot is a very clever malware and, therefore, very dangerous. SharkBot places itself in the background and waits for the user to open their bank’s app. It then takes control of the smartphone, obscures the bank’s legitimate app, and displays a fake screen that mimics it. Thus, the user enters the login data on the fake screen and not in the actual app. Soon after, the data is sent to the virus’s Command & Control server, where it will be used to access the victim’s account.

Up to this point, many other viruses do the same. Still, SharkBot can do something more: if the user makes the mistake of granting it full access permissions, it can gain complete control of an Android smartphone and use that control to automatically fill in the fields on the screens of the banks’ legitimate apps in order to make transfers. In practice, the virus first shows a fake screen that imitates the bank app to steal the account credentials, then opens the real app and interacts with it on its own to make automated money transfers.

SharkBot: How To Defend Yourself

All this is clearly very dangerous, not least because nothing prevents hackers from using the same techniques with apps other than banking ones: social media, chats, and email. However, the key to this whole system is fortunately in the hands of the user: to act undisturbed, SharkBot needs the user to grant full permission to the fake antivirus app.

For this reason, the advice is always the same: never grant permissions to apps that are not 100% safe or that do not have a well-known and reachable developer. Above all, read carefully which permissions are requested, and do not grant anything if an app asks for a permission that, in theory, it shouldn’t need in order to function.

