Published 19:15 IST, April 9th 2022
Google removes six malicious apps disguised as antivirus, stole banking information
Checkpoint Research says that Sharkbot is a type of malware that implements a 'geofencing feature and evasion techniques'. Read more details about it here,
Advertisement
Google has removed six applications accessing users' information disguised as antivirus software. se apps originate from three different developer accounts and help in installation of malware that accesses banking information of user. Read along to find out names of apps, how y masquerade and what techniques y use to deploy malware.
According to a post by Checkpoint Research, firm found antivirus applications on Google Play acting as tools making smartphones vulnerable to malware attacks. post reads "se applications pretended to be genuine AV solutions while in reality y downloaded and installed an Android Stealer called Sharkbot." For uninitiated, Sharkbot is a tool that accesses banking information and or sensitive information of user without consent.
Advertisement
How did malware disguise as antivirus applications?
Checkpoint Research says that Sharkbot is a type of malware that implements a "geofencing feature and evasion techniques." It makes use of Domain Generation Algorithm which enables it to mimic "being credential input forms." As and when user falls into trap and enters information in fake input forms, it is transferred to malicious servers where bad actors can access information and misuse it.
Interestingly, malware selects users it targets. geofencing feature allows malware to skip users from India, China, Romania, Ukraine, Russia or Belarus. In total, re are six different applications that were found reading Sharkbot tool. names of se apps are listed below. It is important to mention that se applications are from three developer accounts namely Zbynek Adamcik, Adelmio Pagtto and Bingo Like Inc.
Advertisement
Names of apps spearing Sharkbot apps on Google Play Store
- Atom Clean-Booster, Antivirus
- Antivirus, Super Cleaner
- Alpha Antivirus, Cleaner
- Powerful Cleaner, Antivirus
- Center Security - Antivirus
- Center Security - Antivirus
Four of se applications were reported to Google in month of March 2022 and y were removed by Google on March 9, 2022. Afterwards, two or apps were detected to spread malware and y were removed from online app download store on March 27, 2022. To safeguard against this, users should only download antivirus applications from verified accounts. Some of popular antivirus apps are Kaspersky and McAfee.
19:14 IST, April 9th 2022