SharkBot was found at the end of October 2021 by the Cleafy Threat Intelligence Team. The malware comes with classic features such as stealing SMS messages, stealing contacts, abusing the accessibility service, overlay attacks, and intercepting received SMS messages. It also comes with newer techniques. The first is ATS, which enables the malware to transfer money by auto-filling fields in legitimate banking apps and imitating money transfers. The second is Auto Direct Reply, which enables the malware to spread further. When a message arrives and the user replies to it from the notification instead of opening the messaging app, this is called Direct Reply. The malware can intercept the notifications of received messages and automatically reply with a malicious link to download a malicious app. In newer versions of SharkBot, however, Auto Direct Reply is not implemented.
In this article, we will analyze two samples, because we want to explain Auto Direct Reply, which is not implemented in newer versions of the malware. We will also analyze a newer SharkBot sample, which has the ATS technique and other techniques.

Technical analysis of SharkBot Android malware