Sharkbot Malware Uses Android Apps To Steal Credentials & Banking Details

At least six fake Android antivirus apps were removed from the Google Play Store after they were found to be spreading malware. Cyber-security threats have been on the rise over the past several years, reaching its peak during the pandemic. 2021 was an exceptionally bad year for cybercrime victims, with people reportedly losing almost $7 billion to online attacks and scams.

Over the past couple of years, several different types of cyber-crime have been reported to law enforcement, including phishing, ransomware, spyware, and crypto scams. While there is a myriad of safe and effective cyber-security software that can protect users from online threats, cyber-crime groups often use fake anti-malware apps to attack their victims. The latest report now reemphasizes the potential danger of such malicious apps and services.

Cyber-security firm Check Point revealed that at least six supposed anti-malware apps on the Google Play Store were being used to distribute a dangerous banking malware. Dubbed ‘Sharkbot,’ the malware was reportedly designed to steal banking information, including passwords. The six malware-laden apps are Atom Clean-Booster, Antivirus; Antivirus, Super Cleaner; Alpha Antivirus, Cleaner; Powerful Cleaner, Antivirus; and two different flavors of Center Security – Antivirus. According to the research paper, the fake antivirus apps offered push notifications and laid out fake login prompts, through which the operators gained access to banking passwords and information. The malware was also reportedly able to automatically reply to notifications from popular messaging apps like Facebook Messenger and WhatsApp to distribute phishing links that would help the criminals reach even more users.

Google Removed The Fake Antivirus Apps

One of the unique features of the Sharkbot malware is that it comes with geo-fencing abilities that enable it to target users in select regions around the world, while rejecting devices in other parts of the world. In this case, the apps were reportedly ignoring devices in China, India, Romania, Russia, Ukraine, and Belarus, while targeting victims in the U.K. and Italy, among other countries. Overall, the report says that these apps were downloaded more than 15,000 times from Google Play, and possibly many more times from third-party app stores and other sources.

All the aforementioned malicious apps were removed from the Play Store by Google after Check Point contacted the company with its findings. However, the researchers believe that at least some instances of these apps might still be around on some third-party app stores and APK repositories, posing a grave danger to users. To mitigate risks from these and other fake applications with malware, the researchers advise Android users to only install apps from trusted and verified publishers, and report any suspicious apps on their devices to Google.

Source: Check Point (1, 2)