Beware! 6 scary Android apps spreading Sharkbot malware on Google Play Store; check list

Whether you are an iPhone or an Android smartphone user, you generally install the apps you want from Apple App Store or Google Play Store as the case may be. However, this is where the hackers target innocent users. Because, if you are not careful before installing any app on your smartphone, you may end up getting defrauded. Reason being that there are certain apps on both these stores that have malware installed in them. Once these apps are downloaded, they can steal your private information, including banking details like passwords too. Now, market research firm Check Point Research has discovered six Android apps on Google Play Store that are spreading banking malware by portraying themselves as antivirus apps. The list of six apps that are spreading banking malware include, Atom Clean-Booster, Antivirus; Antivirus, Super Cleaner; Alpha Antivirus, Cleaner; Powerful Cleaner, Antivirus; and two versions of the Center Security – Antivirus app.

“When you search for Anti-Virus (AV) solutions to protect your mobile devices, you don’t expect these solutions to do the opposite i.e. make devices vulnerable to malware. This is what the Check Point Research (CPR) team encountered while analyzing suspicious applications found in Google Play. These applications pretended to be genuine AV solutions while in reality they downloaded and installed an Android Stealer called Sharkbot,” the report said.

As per the information provided, the malware “Sharkbot” steals credentials and banking information of Android users. It lures victims to enter their credentials in windows that mimic benign credential input forms. When the user enters credentials in these windows, the compromised data is sent to a malicious server.

“Sharkbot has a handful of tricks up its sleeve. It doesn’t target every potential victim it encounters, but only select ones, using the geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus. Evasion techniques are also a part of Sharkbot’s arsenal. If the malware detects it is running in a sandbox, it stops the execution and quits.” according to the research.

The report further informed that these six applications came from three developer accounts, Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. When their history was checked, it was found that two of them were active in the fall of 2021. Some of the applications linked to these accounts were removed from Google Play, but still exist in unofficial markets. The reason behind the same could be due to the fact that the developers want to stay under the radar, the research firm said.