If you need an antivirus app for your Android phone, make sure it’s legit. Security researchers recently uncovered six fake antivirus apps on the Google Play Store that installed malware.
The six apps included “Antivirus, Super Cleaner,” “Center Security - Antivirus” and “Powerful Cleaner Antivirus,” according to security firm Check Point. But in reality the programs delivered a malware strain dubbed “Sharkbot,” which can steal information about your login credentials and bank accounts.
In total, the apps were downloaded over 15,000 times, mainly from users in Italy and the UK. Google removed all six apps after Check Point reported the problem to the company.
The six apps work by functioning as “droppers,” meaning they’ll install the Sharkbot malware on the phone at a later time. Moreover, the malware installation will only trigger in select geographies such as China, India, Romania, Russia, Ukraine, or Belarus. This may help explain why the Google Play Store didn’t detect the malicious nature of the apps.
If the malware does install, Sharkbot will then try to steal passwords by creating fake login windows on the phone. “When the user enters credentials in these windows, the compromised data is sent to a malicious server,” Check Point wrote in a research report. “Sharkbot doesn’t target every potential victim it encounters, but only select ones, using the geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine, or Belarus.”
The malware also includes other nefarious functions, such as the ability to steal phone contacts, display push notifications, and secretly uninstall other apps on the phone. In addition, Sharkbot will stop all processes if it detects it’s being run on an
Read more on pcmag.com