Application security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

‘SharkBot’ botnet taking bite out of mobile banking

A botnet dubbed “SharkBot” is targeting mobile banking customers are being targeted in Europe. Pictured: A woman uses a cashpoint ATM on Nov. 3, 2017, in Bristol, England. (Photo by Matt Cardy/Getty Images)

Botnet attacks are zeroing-in on banks and banking customers in Europe. And, as cybercriminals are nothing if not efficient, U.S. financial service institutions can assume these scams will hit here before long.

The botnet that has largely honed-in on banking has been dubbed “SharkBot” by security researchers at Cleafy, and it has been affecting banking customers throughout Europe.

While still in its early stages of development, this particular botnet attack has been very effective as it uses Automatic Transfer Systems to bypass protections normally provided by multi-factor authentication. For its part, the financial industry-focused SharkBot operates by initiating money transfers from compromised devices via Automatic Transfer Systems (ATS) technique, bypassing multi-factor authentication mechanisms. These mechanisms are employed to enforce users' identity verification and authentication, they are usually combined with behavioral detection techniques to identify suspicious money transfers.

Terry Ray, senior vice president of strategy for financial services and healthcare at Imperva, said he believed that the bad actors behind SharkBot have targeted mobile banking users because this particular group is often less vigilant about ignoring unfamiliar email links and installing new applications on their mobile devices than they are about their laptops.

“Basic cyber hygiene for consumers and the enterprise, means deleting or avoiding suspicious links from unknown senders,” Ray said. “Especially if it relates to financial institutions. Banks will continue to be a prime target for cybercriminals to carry out a variety of attacks and techniques.”

Aviad Hasnis, chief technology officer at autonomous breach protection company Cynet, pointed out that botnet attacks are “extremely pernicious. Banks can take steps to proactively mitigate this type of attack by deploying mobile-device management solutions that can spot the attack-chain leading to the installation of such malware,” he added.

Starting at the end of October, the Android banking trojan which has come to be known as “SharkBot” surfaced in Europe. According to experts, “SharkBot” belongs to a new generation of mobile malware, which can perform ATS attacks inside the infected device. This technique has previously been seen in other banking trojans, such as Gustuff. By manipulating the bank’s automated transfer system, a fairly advanced attack method, attack vectors like SharkBot can scale up their attacks and make a greater impact and financial hit.

Ray said that malicious bot traffic is a “significant threat for all banks. Because botnets operate around-the-clock, bot protection should be a primary focus for every financial institution,” Ray said. “Strategy should be built around understanding an institution’s website, particularly what information or services could be scraped or attacked by the botnet.”

Peter Bookman, CEO at, pointed out that “cybercriminals are finding more creative ways to steal, and the attack surface they have access to has gone exponential across global networks and devices.” With this in mind, FISs that want to protect themselves from botnet attacks, Bookman said, “can always enable 2FA that is not SMS or push-based. Finding ways to test your environments, enacting policies and encouraging good cyber hygiene practices with your teams, these are key in the fight against cyberattacks."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.