Google Removes 6 Apps Posing as Antivirus Apps, Used to Infect Phones With Sharkbot Malware

The apps accumulated a total of 15,000 downloads on the Google Play store before they were removed.

Advertisement
By David Delima | Updated: 8 April 2022 19:23 IST
Highlights
  • Sharkbot is a malware used to steal Android users’ credentials
  • The fake antivirus apps were used to download malicious payloads
  • Sharkbot is designed to target users in specific regions with geofencing
Google Removes 6 Apps Posing as Antivirus Apps, Used to Infect Phones With Sharkbot Malware

The researchers suggest that users should only download antivirus apps from reputed publishers

Photo Credit: Pexels/ Sora Shizamaki

Google has reportedly removed six apps infected with the Sharkbot bank stealer malware from the Google Play store. The apps were downloaded 15,000 times before they were ejected from the store. All six apps were designed to pose as antivirus solutions for Android smartphones and were designed to select targets using a geofencing feature, stealing their login credentials for various websites and services. These infected applications were reportedly used to target users in Italy and the United Kingdom.

According to a blog post by Check Point Research, six Android applications pretending to be genuine antivirus apps on the Google Play store were identified as “droppers” for the Sharkbot malware. Sharkbot is an Android Stealer that is used to infect devices and steal login credentials and payment details from unsuspecting users. After a dropper application is installed, it can be used to download a malicious payload and infect a user's device — evading detection from on the Play Store.

The six malicious applications that were removed from the Play Store
Photo Credit: Check Point Research

The Sharkbot malware used by the six fraudulent antivirus applications also used a ‘geofencing' feature that is used to target victims in specific regions. According to the team at Check Point Research, the Sharkbot malware is designed to identify and ignore users from China, India, Romania, Russia, Ukraine, or Belarus. The malware is reportedly capable of detecting when it is being run in a sandbox and stops execution and shuts down to prevent analysis.

Advertisement

Check Point Research identified six applications from three developer accounts — Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. The team also cites statistics from AppBrain that reveals that the six applications were downloaded a total of 15,000 times before they were removed. Some of the applications from these developers are still available in third party markets, despite having been removed from Google Play.

Four malicious apps were discovered on February 25 and reported to Google on March 3. The applications were removed from the Play Store on March 9, according to Check Point Research. Meanwhile, two more Sharkbot dropper apps were discovered on March 15 and March 22 — both were reportedly removed on March 27.

Advertisement

The researchers stated that the apps had been downloaded 15,000 times before they were removed
Photo Credit: Check Point Research

Advertisement

The researchers also outlined a total of 22 commands used by the Sharkbot malware, including requesting permissions for SMS, downloading java code and installation files, updating local databases and configurations, uninstalling applications, harvesting contacts, disabling battery optimisation (to run in the background), and sending push notifications, listening for notifications. Notably, the Sharkbot malware can also ask for accessibility permissions, allowing it to see the contents of the screen and perform actions on the user's behalf.

According to the team at Check Point Research, users can stay safe from malware masquerading as legitimate software by only installing applications from trusted and verified publishers. If users find an application by a new publisher (with few downloads and reviews), it is better to look for a trusted alternative. Users can also report seemingly suspicious behaviour to Google, according to the researchers.


Gaana CEO and Spotify's India chief join us on Orbital, the Gadgets 360 podcast, to discuss India's unique music streaming landscape. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement
Popular Mobile Brands
  1. Vivo X200 FE Launched in India With 6,500mAh Battery, Compact Design
  2. Up to 70 Percent Discount on Headphones During Amazon Prime Day Sale 2025
  3. Top Deals on Best-Selling Laptops from Apple, Asus and More During Sale
  4. Samsung Galaxy F36 5G to Launch Soon in India: Details
  5. NASA's Mars Sample Return Mission May Survive with Lockheed Martin's Low-Cost Proposal
  6. Realme 15 Pro 5G Display, Battery Details Confirmed Ahead of India Launch
  1. Earth’s Spin to Speed Up Briefly, Causing Shorter Days This Summer
  2. James Webb Telescope Spots Rare ‘Cosmic Owl’ Formed by Colliding Galaxies
  3. MIT Develops Low-Resource AI System to Control Soft Robots with Just One Image
  4. Ax-4 Astronauts to Return from ISS with 580 Pounds of Science Cargo
  5. NASA’s Mars Sample Return Mission May Survive with Lockheed Martin’s Low-Cost Proposal
  6. Oru Yemanin Kadhal Kadhai Now Streaming on Aha Tamil: What You Need to Know
  7. Google to Integrate ChromeOS and Android into a Single Platform: Report
  8. OpenAI Says Its Open-Source Reasoning AI Model Is Delayed Indefinitely
  9. iPhone 17 Series Colour Options Spotted via Leaked Lens Protection Covers
  10. Samsung Galaxy F36 5G Confirmed to Launch Soon in India: All Details
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.