SharkBot

SharkBot is an Android banking trojan that first showed up in October 2021. It uses Automatic Transfer Systems (ATS) to perform silent, fraudulent transactions, and it skips multi-factor authentication by abusing accessibility services, letting attackers move money with zero user involvement.


Key Insights

SharkBot rides the new wave of mobile malware, wielding ATS to trigger unauthorized transfers and packing features like overlay attacks, keylogging, SMS interception, and remote control. Its latest versions use Domain Generation Algorithms and anti-emulator tactics to stay undetected and dodge takedowns.

Known Variants

SharkBot debuted in October 2021, got a major overhaul in September 2022 with smarter C2, and by February 2025 (v1.63) boosted its stealth. Each upgrade proves attackers are always one step ahead.

Mitigation Strategies

  • Download applications exclusively from official app stores and verify publisher information

  • Enable Google Play Protect and use reputable mobile security solutions

  • Exercise caution when granting accessibility permissions to applications

  • Implement biometric authentication for banking apps and financial transactions

  • Monitor accounts for unauthorized transactions and enable transaction notifications

Targeted Industries or Sectors

Banks, payment processors, credit unions, and crypto services all land in SharkBot’s crosshairs. It craves high-value transactions and sensitive data, turning these sectors into prime targets.

Associated Threat Actors

No specific attribution is available in current intelligence, though the malware is deployed by financially-motivated cybercriminals targeting users primarily in the UK, Italy, US, Spain, Australia, Poland, Germany, and Austria.
