Play Store malware

It seems like Google's effort to counter malware-infected apps is falling short, as the Play Store receives too many such apps to tackle.

Researchers have found six more apps on the Google Play Store that reportedly steal login credentials; the apps have since been removed from the platform. The irony here is that these apps are ‘anti-virus’ programs.

Six anti-virus programs were removed from the Play Store

According to researchers at Check Point, the six apps on the Google Play Store were downloaded over 15,000 times before the search engine giant removed them.

These weren’t beauty or camera apps, which are usually the carriers, but anti-virus programs, which makes the finding all the more off-putting.


According to the reports, these six apps masquerading as anti-virus programs used the Sharkbot Android stealer. Sharkbot creates input forms that mimic those of the real application and displays them on events such as a banking app being opened, prompting users to enter their details.

As the user unknowingly fills in credentials on the fake form, Sharkbot captures all the relevant details. It can also intercept SMS messages, log keystrokes, and gain full remote access to the victim’s device.

The apps include Atom Clean – Booster, Antivirus; Antivirus, Super Cleaner; Alpha Antivirus, Cleaner; Powerful Cleaner, Antivirus; Center Security – Antivirus; and Center Security – Antivirus from several developers.

The modus operandi of Sharkbot

Sharkbot puts up fake (yet convincing) forms where the person enters login credentials. The entered credentials are then sent to the malicious server. The program can record credentials for email, social media, and banking apps, among others.

For now, the victims of these apps are primarily from Italy and the UK. Sharkbot used geofencing to ignore users in Russia, Romania, India, China, Belarus, or Ukraine.

It is alarming how these apps were able to pass through Google’s SafetyNet. The report mentions that the malicious characteristics of these apps weren’t activated until someone downloaded and used them. This is likely the reason these apps were able to go under the radar.
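The capabilities described above (fake login forms, SMS interception, keylogging, remote access) can be checked for during app review. The following is an added example, not code from this article or from the researchers' report: it triages a decoded AndroidManifest.xml (for instance, one produced by apktool) for a combination of markers. The mapping from behaviour to Android permission is an assumption made for illustration, and both sample manifests and their package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the report): behaviour named in the article ->
# manifest permissions that commonly enable it on Android.
MARKERS = {
    "sms_interception": {"android.permission.RECEIVE_SMS",
                         "android.permission.READ_SMS"},
    "overlay_forms": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "keylogging_or_remote_control": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
}

def triage(manifest_xml):
    """Return {capability: [matching permissions]} for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    # Accessibility services are declared as <service android:permission=...>
    guarded = {e.get(ANDROID + "permission") for e in root.iter("service")}
    seen = (requested | guarded) - {None}
    return {cap: sorted(perms & seen)
            for cap, perms in MARKERS.items() if perms & seen}

def verdict(hits):
    """One marker alone is common in legitimate apps; two or more in a
    'cleaner' or 'antivirus' app is worth a manual look."""
    return "review" if len(hits) >= 2 else "ok"

# Constructed sample manifests (package names are made up).
SUSPICIOUS = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.supercleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        hits = triage(xml)
        print(name, verdict(hits), hits)
```

Since the report says the malicious characteristics were not activated until the apps were downloaded and used, a clean manifest does not clear an app on its own.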

For now, Google has removed these six apps from the Play Store. They will still be available on other marketplaces, including as APKs.
