Delete These 6 Dangerous Android Phone Apps Now, SharkBot, Play Store

0

SharkBot is relatively new and dangerous malware. It is a banking Trojan, first spotted in late October 2021 by researchers at Cleafy. It exists to perform money transfers from any compromised user, stealing credentials and banking information and having the ability to bypass multi-factor authentication. New research reveals that a total of six Android security apps, which were all available in the official Google Play store, were used to distribute this nasty malware.

MORE FORBESDoes this Wordle Clone app follow you? Betteridge’s law does not apply

SharkBot attacks users of Android antivirus apps

As reported by beeping computer In March, security researchers from the NCC Group were the first to discover a supposed antivirus application in the official Google Play store that spread the SharkBot trojan. The “Antivirus, Super Cleaner” was permanently removed by Google shortly after the NCC Group report was published. Now, Check Point researchers have revealed that they have found no less than six such infected apps, all masquerading as legitimate antivirus solutions for Android users.

Unmasking Android Antivirus App Imposters

In addition to the previously mentioned application, the list included: “Atom Clean-Booster, Antivirus”, “Alpha Antivirus, Cleaner”, “Powerful Cleaner, Antivirus” and two called “Center Security – Antivirus”. After responsibly disclosing the details of these apps to Google, they were all permanently removed between March 3 and March 27. delete them immediately and check your bank statements for any unusual activity. Changing your banking passwords is also highly recommended.

MORE FORBESGoogle suddenly releases new emergency security update for 3.2 billion Chrome users

“It’s obviously very dangerous”

“This malware steals credentials and banking information. It is obviously very dangerous. Looking at the number of installations, we can assume that the threat actor has hit the nail on the head for their method of spreading software The threat actor has strategically chosen an app location on Google Play that users trust.” Alexander Chailytko, head of cybersecurity, research and innovation at Check Point Software, said.

Chailytko also pointed out that threat actors’ use of “push messages” to victims containing malicious links was both unusual and guaranteed widespread adoption.

“The use of push messages by threat actors demanding a response from users is an unusual propagation technique,” Chailytko continued, “I think it’s important for all Android users to know that they have to think twice before downloading an antivirus solution from the play store, it could be SharkBot.

Check Point Research has published a comprehensive and detailed study technical analysis of the SharkBot campaign.

What does Google have to say about SharkBot apps?

I reached out and asked how these apps were able to evade detection and make it into the Google Play Store, to which a Google spokesperson provided the following statement: “We appreciate the work of the community search, and when we find apps that violate our policies, we take action. Google has confirmed that all of the apps in question have been removed.

Share.

About Author

Comments are closed.