Google has reportedly removed 6 apps infected with the Sharkbot bank stealer malware from the Google Play Store. By the time they were removed, the apps had been downloaded more than 15 thousand times. All 6 apps were presented as antivirus solutions for Android smartphones. They were designed to select targets using geofencing while stealing people's login credentials for multiple websites and services. The apps were reportedly used to target users in Italy and the UK.
Posed as antivirus solutions
According to a blog post by Check Point Research, these 6 Android apps, which appeared to be genuine antivirus apps on the Google Play Store, were identified as droppers for the Sharkbot malware. Sharkbot is an Android stealer used to infect devices and steal users' login credentials and payment details. Once a dropper app is installed, it can be used to download malicious payloads and infect the user's device.
Malware designed for users of specific countries
The Sharkbot malware delivered by these 6 fraudulent antivirus apps also used a geofencing feature to target users in specific regions. According to the team at Check Point Research, the Sharkbot malware is designed to identify users from China, India, Romania, Russia, Ukraine or Belarus. The malware can reportedly check whether it is being run in a sandbox and stop executing to prevent analysis. During this period, Check Point Research examined 6 apps from 3 developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. The team also cites AppBrain data showing that the 6 apps were downloaded a total of 15,000 times before they were removed. Even after their removal from the Google Play Store, some apps from these developers are still available in third-party markets.
According to Check Point Research, 4 malicious apps were seen on February 25, and Google was informed about them on March 3. The apps were removed from the Play Store on March 9. These were followed by 2 more Sharkbot dropper apps on March 15 and March 22, both of which were reportedly removed on March 27. According to the team at Check Point Research, users should download and install apps only from the Google Play Store, the Apple App Store or another trusted and verified source to keep their devices secure.