These malicious applications disguised as antivirus are wreaking havoc on Android

Six malicious antivirus applications have been removed from the Google Play App Store. For good reason, instead of protecting users against cybercriminals, they were actually used to distribute malware to steal passwords, bank details and other personal information of Android users.

Checkpoint cybersecurity researchers have identified these malicious applications. According to them, they were downloaded from the official App Store of Google by more than 15,000 users affected by the Android Sharkpot malware.

Important data theft

Sharkbot is designed to steal usernames and passwords, trick victims into entering their credentials in overlay windows. They can use them to access emails, social networks or even worse online bank accounts.

The six malicious applications discovered by researchers are aimed at attracting Android users looking for antivirus, cleaners and security applications.

Victims may have received phishing links that may have sent them to the download pages of Sharkbot-infested applications. Apps were able to bypass the security of the Google Play Store, only to have malicious behavior of the app downloaded by a user, and to communicate with servers run by the attacker.

Applications are always available

“We hope they were able to do this because all malicious activity was triggered by the C&C server, so the apps will be ‘off’ for the trial period on Google Play and may be” on “. Alexander Sylitko told ZDNet.

To assess whether the Sharkpot will not affect everyone who downloads it: It uses geofencing functionality to detect and ignore users from China, India, Romania, Russia, Ukraine or Belarus. Meanwhile, most of the victims who downloaded Sharkpot seem to be in the UK and Italy. After identifying the apps, Checkpoint reported its findings to Google, which removed six apps from the Google Play Store.

Although apps affected by Sharkbot disease have been removed from Google’s official marketplace, they are still active on third-party sites, so users may be fooled into downloading them.

What to do in case of infection?

If you think you have downloaded a malicious application, immediately uninstall it, download the appropriate antivirus program to scan your device, and change the passwords for the stolen accounts.

If in doubt about what to download or whether an application is legitimate, user reviews can help clarify things because reviews often say so if the application is not legitimate.

Source: ZDNet.com