Google has removed six antivirus apps from its Play Store as they were being used to spread malware. Cybersecurity experts from Check Point Research (CPR) spotted a total of six different antivirus apps available on the official Android marketplace, that is Google Play Store, spreading banking malware “Sharkbot“. They immediately informed the search engine giant about their findings.
These six applications seemed to be genuine antivirus software, but in reality, they downloaded and installed Sharkbot, an Android Stealer.
What is Sharkbot malware?
Sharkbot is a type of malware that collects users’ passwords and banking information. Sharkbot malware entices victims to enter their login credentials into windows that look like legitimate credential entry forms. When a user enters all credentials, the data is hacked and transferred to a hostile server.
What is more interesting is, Sharkbot malware doesn’t go after every prospective victim it comes across, but rather a subset of them. It uses the geofencing feature to identify and ignore Android smartphone users from China, India, Romania, Russia, Ukraine, or Belarus.
Six Android apps spread malware
If you are an Android user, you should be extra cautious when installing these malicious applications: Atom Clean-Booster, Antivirus, Antivirus, Super Cleaner, Alpha Antivirus, Cleaner, Powerful Cleaner, Antivirus, Center Security – Antivirus (two versions).
These Andriod apps came from three developer accounts, Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. Two of these accounts were active in the fall of 2021, according to their account history.
Although some of the apps linked with these accounts have been deleted from Google Play, they can still be found in unauthorized markets. This could indicate that the person behind these applications is attempting to remain undetected while carrying out malicious activities. Therefore, all smartphone users, who have downloaded these Android apps before they were removed from Play Store, are advised to uninstall them immediately.
Check Point Research team says these applications, which are now removed from Google Play, were downloaded and installed approximately 15 thousand times.
In a nutshell
As the adoption of smartphones and mobile internet has grown over time, an unprecedented number of people now rely on apps for their daily tasks, including banking. As a result, it is now very easy for smartphone users to fall victim to these hackers. Unlike Apple, Google has been dealing with malware-related issues on Android OS for a long time due to its openness and fragmentation.
In November 2021, over 300,000 Android users have downloaded the banking trojan malware apps that are designed to steal personal information and passwords among other things.
Alien, Cerebrus, BlackRock, WolfRAT, and other malware have all been known to pose a significant threat to Android users.
