Google Removes Six Sharkbot-Infected Apps Posing as Antivirus Apps

Google has reportedly removed six apps infected with the Sharkbot bank stealer malware from the Google Play store. The apps were downloaded 15,000 times before they were removed from the store. All six apps were designed to pose as antivirus solutions for Android smartphones and to select targets using a geofencing feature, stealing their login credentials for various websites and services. These infected applications were reportedly used to target users in Italy and the United Kingdom.

According to a blog post by Check Point Research, six Android applications pretending to be genuine antivirus apps on the Google Play store were identified as "droppers" for the Sharkbot malware. Sharkbot is an Android stealer that is used to infect devices and steal login credentials and payment details from unsuspecting users. After a dropper application is installed, it can be used to download a malicious payload and infect a user's device, evading detection on the Play Store.

The six malicious applications that were removed from the Play Store
Photo Credit: Check Point Research

The Sharkbot malware used by the six fraudulent antivirus applications also used a 'geofencing' feature to target victims in specific regions. According to the team at Check Point Research, the Sharkbot malware is designed to identify and ignore users from China, India, Romania, Russia, Ukraine, or Belarus. The malware is reportedly capable of detecting when it is being run in a sandbox, and it stops execution and shuts down to prevent analysis.

Check Point Research identified six applications from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. The team also cites statistics from AppBrain that show the six applications were downloaded a total of 15,000 times before they were removed. Some of the applications from these developers are still available in third-party markets, despite having been removed from Google Play.

Four malicious apps were discovered on February 25 and reported to Google on March 3. The applications were removed from the Play Store on March 9, according to Check Point Research. Meanwhile, two more Sharkbot dropper apps were discovered on March 15 and March 22; both were reportedly removed on March 27.


The researchers stated that the apps had been downloaded 15,000 times before they were removed
Photo Credit: Check Point Research

The researchers also outlined a total of 22 commands used by the Sharkbot malware, including requesting permissions for SMS, downloading Java code and installation files, updating local databases and configurations, uninstalling applications, harvesting contacts, disabling battery optimisation (to run in the background), sending push notifications, and listening for notifications. Notably, the Sharkbot malware can also ask for accessibility permissions, allowing it to see the contents of the screen and perform actions on the user's behalf.

According to the team at Check Point Research, users can stay safe from malware masquerading as legitimate software by only installing applications from trusted and verified publishers. If users find an application by a new publisher (with few downloads and reviews), it is better to look for a trusted alternative. Users can also report seemingly suspicious behaviour to Google, according to the researchers.

