According to a new report released on Thursday, at least 15,000 Android users downloaded anti-malware apps from the Google Play Store that, instead of protecting them from hackers, infected their devices and stole passwords, bank details, and other personal information.
Google has already deleted the six malicious apps posing as antivirus apps from the Play Store, but the damage has already been done.
The apps infected over 15,000 users with Sharkbot Android malware, which steals credentials and banking information, according to cybersecurity researchers at Check Point.
According to the Check Point report, “This malware implements a geofencing feature and evasion techniques, which makes it stand out from the rest of malwares. It also makes use of something called domain generation algorithm (DGA), an aspect rarely used in the world of Android malware.”
During the analysis, the researchers discovered about 1,000 distinct IP addresses of infected devices. The majority of the victims were from Italy and the United Kingdom.
Sharkbot entices victims to enter their credentials into windows that appear to be legitimate credential entry forms. When the user enters credentials in these windows, the compromised data is transferred to a malicious server.
The report said, “Sharkbot doesn’t target every potential victim it encounters, but only select ones, using the geo-fencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus.”
It added, “Overall, we saw over 15,000 downloads of these apps from Google Play.”
Threat actors are evolving and looking for new ways to inject and drop malware, including posing as real “official” apps.
Following an examination of the apps, Google decided to remove them from the Play Store permanently.