• Home
  • Apps
  • Apps News
  • Google Removes 6 Apps Posing as Antivirus Apps, Used to Infect Phones With Sharkbot Malware

Google Removes 6 Apps Posing as Antivirus Apps, Used to Infect Phones With Sharkbot Malware

The apps accumulated a total of 15,000 downloads on the Google Play store before they were removed.

Google Removes 6 Apps Posing as Antivirus Apps, Used to Infect Phones With Sharkbot Malware

Photo Credit: Pexels/ Sora Shizamaki

The researchers suggest that users should only download antivirus apps from reputed publishers

  • Sharkbot is a malware used to steal Android users’ credentials
  • The fake antivirus apps were used to download malicious payloads
  • Sharkbot is designed to target users in specific regions with geofencing

Google has reportedly removed six apps infected with the Sharkbot bank stealer malware from the Google Play store. The apps were downloaded 15,000 times before they were ejected from the store. All six apps were designed to pose as antivirus solutions for Android smartphones and were designed to select targets using a geofencing feature, stealing their login credentials for various websites and services. These infected applications were reportedly used to target users in Italy and the United Kingdom.

According to a blog post by Check Point Research, six Android applications pretending to be genuine antivirus apps on the Google Play store were identified as “droppers” for the Sharkbot malware. Sharkbot is an Android Stealer that is used to infect devices and steal login credentials and payment details from unsuspecting users. After a dropper application is installed, it can be used to download a malicious payload and infect a user's device — evading detection from on the Play Store.

sharkbot android stealer malware check point research inline sharkbot malware

The six malicious applications that were removed from the Play Store
Photo Credit: Check Point Research

The Sharkbot malware used by the six fraudulent antivirus applications also used a ‘geofencing' feature that is used to target victims in specific regions. According to the team at Check Point Research, the Sharkbot malware is designed to identify and ignore users from China, India, Romania, Russia, Ukraine, or Belarus. The malware is reportedly capable of detecting when it is being run in a sandbox and stops execution and shuts down to prevent analysis.

Check Point Research identified six applications from three developer accounts — Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. The team also cites statistics from AppBrain that reveals that the six applications were downloaded a total of 15,000 times before they were removed. Some of the applications from these developers are still available in third party markets, despite having been removed from Google Play.

Four malicious apps were discovered on February 25 and reported to Google on March 3. The applications were removed from the Play Store on March 9, according to Check Point Research. Meanwhile, two more Sharkbot dropper apps were discovered on March 15 and March 22 — both were reportedly removed on March 27.

sharkbot android stealer apps downloads check point research inline sharkbot malware

The researchers stated that the apps had been downloaded 15,000 times before they were removed
Photo Credit: Check Point Research

The researchers also outlined a total of 22 commands used by the Sharkbot malware, including requesting permissions for SMS, downloading java code and installation files, updating local databases and configurations, uninstalling applications, harvesting contacts, disabling battery optimisation (to run in the background), and sending push notifications, listening for notifications. Notably, the Sharkbot malware can also ask for accessibility permissions, allowing it to see the contents of the screen and perform actions on the user's behalf.

According to the team at Check Point Research, users can stay safe from malware masquerading as legitimate software by only installing applications from trusted and verified publishers. If users find an application by a new publisher (with few downloads and reviews), it is better to look for a trusted alternative. Users can also report seemingly suspicious behaviour to Google, according to the researchers.

Gaana CEO and Spotify's India chief join us on Orbital, the Gadgets 360 podcast, to discuss India's unique music streaming landscape. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

David Delima
As a writer on technology with Gadgets 360, David Delima is interested in open-source technology, cybersecurity, consumer privacy, and loves to read and write about how the Internet works. David can be contacted via email at DavidD@ndtv.com, on Twitter at @DxDavey, and Mastodon at mstdn.social/@delima. More
Mivi Fort S60, S100 Soundbars With 2.2 Channel Output Launched in India: Price, Specifications
‘Remote Work Revolution’: Coinbase Pitches Flexibility, Inclusivity to Get Indian Software Talent Onboard
Share on Facebook Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2023. All rights reserved.