Six phony anti-virus apps have been removed from the Google Play app store for being used to deliver malware to steal passwords, bank details and other personal information from Android users.
The malware apps were downloaded by over 15,000 users and became infected with Sharkbot Android malware. The six malicious apps found by researchers aimed to attract Android users searching for antivirus, cleaner and security apps.
Sharkbot is designed to steal usernames and passwords, which it does by luring victims into entering their credentials in surface windows which sends the information back to the attackers, who can use it to gain access to emails, social media, online banking accounts and more.
According to analysis of the malware, Sharkbot uses a geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus. Approximately 1,000 unique IP addresses of infected devices have been identified during the time of analysis. Most victims who downloaded Sharkbot appear to be in the United Kingdom and Italy.
After examining the apps, Google proceeded to permanently remove these applications on Play store. However, they remain actively available on third-party sites, so users could still potentially be tricked into downloading them.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
