Used to pretend to be an antivirus solution
According to a blog post by Check Point Research, these 6 Android apps that appeared to be original antivirus apps on the Google Play Store were seen as droppers for the Sharkbot malware. Sharkbot is an Android stealer used to infect devices and steal login credentials and payment details from users. Once the Dropper app is installed, it can be used to download malicious payloads and infect users’ devices.
Malware designed for users of these countries
The Sharkbot malware used by these 6 fraud antivirus apps also used a geofencing feature, which is used to target users in specific regions. According to the team at Check Point Research, the Sharkbot malware is designed to identify users from China, India, Romania, Russia, Ukraine or Belarus. Malware can reportedly check when it is being run in a sandbox and prevent execution and analysis. Check Point Research looked at 6 apps during this period from 3 developer accounts Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. The team also talks about AppBrain’s data, which shows that 6 apps were downloaded a total of 15,000 times before they were removed. Even after removing them from the Google Play Store, some apps of these developers are still present in the third party market.
google action
According to Check Point Research, 4 malicious apps were seen on 25 February and Google was informed about it on 3 March. The apps were removed from the Play Store on March 9. This was followed by 2 more Sharkbot dropper apps on March 15 and March 22, both of which were reportedly removed on March 27. According to the team at Check Point Research, users should download and install apps only from Google Play Store, Apple App Store or any other trusted and verified space. In this way the security is maintained.
For the latest tech news, smartphone reviews and exclusive offers on popular mobiles, download the Gadgets 360 Android app and follow us on Google News.