Antivirus used to show off
According to a blog post by Czech Point Research, these 6 Android apps, which appeared as a real antivirus app on Google Play Store, were seen as a dropper for sharkbott malware. Sharkbott is an Android Steelr used to infect the device and to steal login credentials and payment details from users. After the dropper app is installed, it can be used to download malciese payloads and infect users’ devices.
Malware prepared for users of these countries
A geoofing feature was also used in the sharkbott malware used by these 6 fraud antivirus apps, which is used to target users in the specific region. According to the Czech Point Research team, Sharkbott Malware has been designed to identify users of China, India, Romania, Russia, Ukraine or Belarus. Malware can reportly check when it is being run in sandbox and prevents execution and analysis. Czech point research viewed 6 apps from 3 developer accounts Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. The team also talks about the data of the appbrain, which makes it clear that 6 apps were downloaded a total of 15 thousand times before being removed. Even after removing from Google Play Store, some apps of these developers are still present in the third party market.
Google’s action
According to the check point research, 4 Malciaz apps were observed on 25 February and on March 3, Google was informed about it. Apps were removed from Play Store on 9 March. After that 2 more Sharkbot Dropper App was seen on 15 March and 22 March, both were allegedly removed on 27 March. According to the Czech Point Research team, users should only download and install the apps from the Google Play Store, Apple App Store or any other reliable and verified space. Thus security persists.
Download the Gadgets 360 Android app for the latest tech news, smartphone review and exclusive offer on popular mobiles and follow us on Google News.
