Cybersecurity researchers at Cleafy and ThreatFabric have discovered a new Android trojan that steals data from banking apps and cryptocurrency wallets. This is stated on the official Cleafy website.
Attackers independently distributed the SharkBot Trojan, using social engineering forcing users to download and install the malware on their smartphones. No infected programs were found in the official Google Play Store for Android devices.
After installation, SharkBot asks for the necessary rights in the system and tries to access accessibility features of the operating system.
Then the malware displays fake forms for entering credentials in order to collect information about the victim later, and remembers the sequence of keystrokes. In addition, SharkBot can receive two-factor authentication codes from SMS messages, as well as interfere with banking applications and cryptocurrency wallets.