Date: 2022-04-09



Google has reportedly removed six apps infected with the Sharkbot bank stealer malware from the Google Play store. The apps were downloaded 15,000 times before being removed from the store. All six apps were designed to disguise themselves as antivirus solutions for Android smartphones, and they use a geofencing feature to select their targets and steal login credentials for various websites and services. These infected applications have been reported to have been used to target users in Italy and the United Kingdom.

According to a Check Point Research blog post, six Android applications disguised as real antivirus apps have been identified as Sharkbot malware droppers in the Google Play store. Sharkbot is an Android stealer used to infect devices and steal login credentials and payment details from unsuspecting users. Once installed, the dropper application can infect the user's device by downloading a malicious payload, which evades detection by the Play Store.

Six malicious applications removed from the Play Store. Photo credit: Check Point Research

The Sharkbot malware delivered by the six rogue antivirus applications also uses a geofencing feature to target victims in specific areas. According to the Check Point Research team, Sharkbot malware is designed to identify and ignore users in China, India, Romania, Russia, Ukraine, or Belarus. The malware has also been reported to be able to detect when it is running in a sandbox, at which point it stops executing and shuts down to prevent analysis.

Check Point Research has identified six applications from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. The team also cites AppBrain statistics showing that the six applications were downloaded a total of 15,000 times before being removed. Some of the applications from these developers are still available in third-party markets, even though they have been removed from Google Play.

According to Check Point Research, four malicious apps were discovered on February 25th and reported to Google on March 3rd. These apps were removed from the Play Store on March 9th. Meanwhile, two more Sharkbot dropper apps were discovered on March 15th, and both were reported to have been removed on March 27th on March 22nd.

Researchers said the apps were downloaded 15,000 times before they were removed. Photo credit: Check Point Research

Researchers also gave an overview of a total of 22 commands used by Sharkbot malware, including commands to request SMS permissions, download Java code and installation files, update local databases and configurations, uninstall applications, collect contacts, disable battery optimization (to run in the background), send push notifications, and listen for notifications. In particular, Sharkbot malware can also ask for accessibility permission, allowing it to see what's on the screen and take actions on the user's behalf.

According to the Check Point Research team, users can stay safe from malware that spoofs legitimate software simply by installing applications only from trusted and validated publishers. If a user finds an application from a new publisher (with few downloads and reviews), it's a good idea to look for a reliable alternative. According to the researchers, users can also report suspicious behavior to Google.

