New Android Trojan Targets Banking Apps and Crypto Wallets

Cybersecurity researchers have discovered a new banking trojan targeting the Android operating system. This malware infiltrates users’ mobile devices and attempts to access banking apps and cryptocurrency wallets.

The trojan has been named SharkBot, after one of the domains used by attackers for their command and control (C2) servers. The first attacks were detected at the end of October, drawing the attention of experts from Cleafy and ThreatFabric.

“At the time of writing, we have not observed any samples in the official Google Play Store,” the experts’ report states.

It appears that the creators of SharkBot use social engineering to trick users into downloading and manually installing the malicious app (a process known as sideloading). Google has repeatedly warned about the dangers of this installation method.

Once installed on the device, SharkBot requests the necessary system permissions and tries to gain access to special features—specifically, Android Accessibility. The malware then uses these permissions to simulate clicks and perform other harmful actions.

SharkBot can display fake login forms, record keystrokes on the virtual keyboard, extract two-factor authentication codes from SMS messages, and interfere with the operation of banking apps and cryptocurrency wallets.

ThreatFabric specialists emphasized that the Android trojan is still under development, indicating that its creators plan to add more features in the future.