Delete These 6 Dangerous Android Phone Apps Now, SharkBot, Play Store
SharkBot is relatively new and dangerous malware. It is a banking Trojan, first spotted in late October 2021 by researchers at Cleafy. It exists to perform money transfers from any compromised user, stealing credentials and banking information, and having the ability to bypass multi-factor authentication. New research reveals that a total of six Android security apps, which were all available in the official Google Play store, were used to distribute this nasty malware.
SharkBot attacks users of Android antivirus apps
As Bleeping Computer reported in March, security researchers from the NCC Group were the first to discover a supposed antivirus application in the official Google Play store that spread the SharkBot trojan. The “Antivirus, Super Cleaner” was permanently removed by Google shortly after the NCC Group report was published. Today, Check Point researchers revealed that they had found no less than six such infected apps, all posing as legitimate antivirus solutions for Android users.
Unmasking Android Antivirus App Imposters
In addition to the previously mentioned application, the list included: “Atom Clean-Booster, Antivirus”, “Alpha Antivirus, Cleaner”, “Powerful Cleaner, Antivirus” and two called “Center Security – Antivirus”. After responsibly disclosing the details of these apps to Google, they were all permanently removed between March 3 and March 27. delete them immediately and check your bank statements for any unusual activity. Changing your banking passwords is also highly recommended.
“It’s obviously very dangerous”
“This malware steals credentials and banking information. It is obviously very dangerous. Looking at the number of installations, we can assume that the threat actor has hit the nail on the head for their method of spreading software The threat actor has strategically chosen an app location on Google Play that users trust.” Alexander Chailytko, head of cybersecurity, research and innovation at Check Point Software, said.
Chailytko also pointed out that threat actors’ use of “push messages” to victims containing malicious links was both unusual and guaranteed widespread adoption.
“The use of push messages by threat actors demanding a response from users is an unusual propagation technique,” Chailytko continued, “I think it’s important for all Android users to know that they have to think twice before downloading an antivirus solution from the play store, it could be SharkBot.
Check Point Research has published a comprehensive and detailed technical analysis of the SharkBot campaign.
What does Google have to say about SharkBot apps?
I reached out and asked how these apps were able to evade detection and make it into the Google Play Store, to which a Google spokesperson provided the following statement: “We appreciate the work of the community search, and when we find apps that violate our policies, we take action. Google has confirmed that all of the apps in question have been removed.