Google Removes 6 Apps Posing as Antivirus Apps, Used to Infect Phones With Sharkbot Malware

The applications gathered a total of 15,000 downloads on the Google Play store before they were removed.

Google has reportedly removed six applications infected with the Sharkbot bank stealer malware from the Google Play store. The apps were downloaded 15,000 times before they were ejected from the store. All six apps were designed to pose as antivirus solutions for Android smartphones and to select targets using a geofencing feature, stealing their login credentials for various websites and services. These infected applications were reportedly used to target users in Italy and the UK.

According to a blog post by Check Point Research, six Android applications pretending to be real antivirus apps on the Google Play store were identified as “droppers” for the Sharkbot malware. Sharkbot is an Android stealer that is used to infect devices and steal login credentials and payment details from unsuspecting users. After a dropper application is installed, it can be used to download a malicious payload and infect a user’s device, evading detection on the Play Store.

The Sharkbot malware used by the six fraudulent antivirus applications also used a ‘geofencing’ feature that is used to target victims in specific regions. According to the team at Check Point Research, the Sharkbot malware is designed to identify and ignore users from China, India, Romania, Russia, Ukraine, or Belarus. The malware is reportedly capable of detecting when it is being run in a sandbox, at which point it stops execution and shuts down to prevent analysis.

Check Point Research identified six applications from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. The team also cites statistics from AppBrain showing that the six applications were downloaded a total of 15,000 times before they were removed. Many applications from these developers are still available in third-party markets, despite having been removed from Google Play.

Four malicious apps were discovered on Feb 25 and reported to Google on March 3. The applications were removed from the Play Store on March 9, according to Check Point Research. Meanwhile, two more Sharkbot dropper apps were discovered on March 15 and March 22; both were reportedly removed on March 27.

The researchers also outlined a total of 22 commands used by the Sharkbot malware, including requesting permissions for SMS, downloading Java code and installation files, updating local databases and configurations, uninstalling applications, harvesting contacts, disabling battery optimisation (to run in the background), sending push notifications, and listening for notifications. Notably, the Sharkbot malware may also ask for accessibility permissions, allowing it to see the contents of the screen and perform actions on the user’s behalf.

According to the team at Check Point Research, users can stay safe from malware masquerading as legitimate software by only installing applications from trusted and verified publishers. If users find an application by a new publisher (with few downloads and reviews), it is better to look for a trusted alternative. Users may also report seemingly suspicious behaviour to Google, according to the researchers.