Updated April 9th, 2022 at 19:15 IST

Google removes six malicious apps disguised as antivirus, stole banking information

Check Point Research says that Sharkbot is a type of malware that implements a 'geofencing feature and evasion techniques'. Read more details about it here.

Reported by: Shikhar Mehrotra

Google has removed six applications that were disguised as antivirus software and accessed users' information. These apps originate from three different developer accounts and help install malware that accesses the user's banking information. Read along to find out the names of the apps, how they masquerade and what techniques they use to deploy malware.

According to a post by Check Point Research, the firm found antivirus applications on Google Play acting as tools that make smartphones vulnerable to malware attacks. The post reads "these applications pretended to be genuine AV solutions while in reality they downloaded and installed an Android Stealer called Sharkbot." For the uninitiated, Sharkbot is a tool that accesses banking information and other sensitive information of the user without consent.

How did the malware disguise itself as antivirus applications?

Check Point Research says that Sharkbot is a type of malware that implements a "geofencing feature and evasion techniques." It makes use of a Domain Generation Algorithm (DGA), which enables it to mimic "benign credential input forms." When the user falls into the trap and enters information in the fake input forms, it is transferred to malicious servers where bad actors can access and misuse it.

Interestingly, the malware selects the users it targets. The geofencing feature allows the malware to skip users from India, China, Romania, Ukraine, Russia or Belarus. In total, six different applications were found spreading the Sharkbot tool. The names of these apps are listed below. It is important to mention that these applications are from three developer accounts, namely Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc.

Names of apps spreading Sharkbot on Google Play Store

  • Atom Clean-Booster, Antivirus
  • Antivirus, Super Cleaner
  • Alpha Antivirus, Cleaner 
  • Powerful Cleaner, Antivirus 
  • Center Security - Antivirus 
  • Center Security - Antivirus 

Four of these applications were reported to Google in March 2022 and were removed by Google on March 9, 2022. Afterwards, two other apps were found spreading the malware, and they were removed from the online app download store on March 27, 2022. To safeguard against this, users should only download antivirus applications from verified accounts. Some of the popular antivirus apps are Kaspersky and McAfee.

Published April 9th, 2022 at 19:14 IST