Predict your next investment

INTERNET | Internet Software & Services / Monitoring & Security
cleafy.com


Stage

Other Investors | Alive

Mosaic Score

+30 points in the past 30 days

What is a Mosaic Score?
The Mosaic Score is an algorithm that measures the overall financial health and market potential of private companies.

About Cleafy

Cleafy is a network security software developer which helps protect web and mobile applications from tampering attempts and deploys countermeasures to guarantee data and content integrity. It is based in Milan, Italy.

Cleafy Headquarters Location

Via Simone Schiaffino 11
Milan, 20158
Italy

Latest Cleafy News

‘SharkBot’ Android Trojan Found Targeting Banking Apps and Crypto Exchanges

Nov 22, 2021

‘SharkBot,’ an Android banking trojan, is found plundering banking applications and cryptocurrency exchanges in the U.K., Italy, and the U.S.

A new botnet, dubbed “SharkBot,” is targeting Italy, the U.K., and the U.S., including banking applications and cryptocurrency exchanges. The Cleafy TIR team discovered the Android banking trojan in October 2021. The botnet uses the ATS (Automatic Transfer System) technique to initiate money transfers from infected devices and evade multi-factor authentication.

“Once SharkBot is successfully installed in the victim’s device, attackers can obtain sensitive banking information through the abuse of Accessibility Services, such as credentials, personal information, current balance, etc., but also to perform gestures on the infected device,” the researchers at Cleafy said.

SharkBot has a very low detection rate due to the implementation of a string obfuscation routine, emulator detection, and a domain generation algorithm (DGA) for its network communication. It executes an overlay attack to filch login credentials and credit card information. The trojan also has the potential to intercept legitimate banking communications sent through SMS. The malware for SharkBot has been written from scratch and is anticipated to be at an early stage of development.

SharkBot Explained

Per Cleafy, the ATS technique has recently been noticed in other banking trojans, such as Gustuff, which enables attackers to auto-fill fields in legitimate mobile banking apps and initiate money transfers from compromised devices.

“Contrary to TeaBot and Oscorp/UBEL where a live operator is required to insert and authorize a money transfer, with ATS technique threat actors can scale up their operations with minimum user intervention. We assume that SharkBot is trying to bypass behavioral detection countermeasures (e.g., biometrics) put in place by multiple banks and financial services with the abuse of Android Accessibility Services, also bypassing the need of a “new device enrollment,” said Cleafy.

SharkBot’s Features

  • Obtain full remote control of an Android device (via Accessibility Services)

The malicious app is installed on the users’ devices using the side-loading technique and social engineering schemes. The application also apes icons and commonly used app names of banking applications. After a successful installation, the trojan activates fake pop-ups like ‘Allow Media Player’ to take complete control of the device.

How SharkBot Evades Detection

  • Strings obfuscation: To slow down the static analysis and “hide” all the commands and important information used by the malware.
  • Anti-Emulator: When the malicious application is installed on the device, it checks if the device is an emulator or a real phone. This technique is usually used to bypass sandboxes or common emulators used by researchers during the dynamic analysis.
  • External ATS module: Once installed, the malware downloads an additional module from the C2. The external module is a “.jar” file that contains all the functionality used to perform the ATS attacks.
  • Hide the icon app: Once installed, SharkBot hides the icon of the app from the device screen.
  • Anti-delete: Like other malware, SharkBot uses Accessibility Services to prevent the user from uninstalling the malicious application from the settings options.
  • Encrypted communication: All the communication between the malware and C2 is encrypted and encoded with Base64. In addition to this, SharkBot uses a Domain Generator Algorithm (DGA).

Automatic Transfer System

Recently, Emotet, a banking-trojan-turned-botnet, was in the news for resurfacing after a hiatus of 10 months. Another version, which was spotted in 2014, also used the ATS technique to rob victims’ bank accounts. The version then had a modular structure, including an installation module, banking module, spam bot module, a module for stealing address books from Microsoft Outlook, and a module for organizing distributed denial-of-service (DDoS) attacks. Due to its harvesting capability, the technique is popular as it initiates direct financial transfers rather than stealing credentials and then using the stolen data to pilfer.


Cleafy Patents

Cleafy has filed 3 patents.

The 3 most popular patent topics include:

  • Computer network security
  • Internet privacy
  • Social networking services

Application Date: 3/24/2021
Grant Date:
Title:
Related Topics: Computer network security, Wireless networking, Remote desktop, Social networking services, Internet privacy
Status: Application
