Cybersecurity researchers at Cleafy discovered a new Andriod banking Trojan that has the ability to circumvent multi-factor authentication controls via the abuse of the Automatic Transfer System (ATS). The trojan was discovered in October and does not appear to belong to any known malware family. Researchers have named the malware SharkBot. SharkBot has been found in financially-motivated attacks in which it attempts to steal funds from vulnerable handsets running the Google Android operating system. Infections have been uncovered in the US, Italy, and the UK. Researchers believe that the malware is likely a private botnet and is still in the early stages of development.
Researchers state that they believe the modular malware belongs to the next generation of mobile malware able to perform attacks based on the ATS. ATS allows attackers to automatically fill in fields on an infected device with little to no human input. It works similarly to the Gutstuff banking Trojan in that the autofill service is launched to facilitate fraudulent money transfers while using legitimate service apps. This has become a general trend in malware development compared to older techniques on mobile devices such as phishing domains.
Read More: New banking Trojan SharkBot makes waves across Europe, US