Google Removes Apps That Transmitted Sharkbot Virus

Google has reportedly eliminated 6 malicious apps on the Play Store. Those apps were said to be infested with Sharkbot malware that could steal user bank data. Over 15,000 users downloaded the infected apps before they were blacklisted on the store. Read on for details.

Infected Antiviruses

All 6 removed apps were disguised as Android antivirus solutions. They exploited the geofencing feature on smartphones to target users and steal their logins and passwords from all the available services and websites. We also know that those apps mostly targeted users in the UK and Italy.

As Check Point Research says, such apps are called droppers because they don’t include the malware itself, but work as stealthy gateways for downloading the core of the virus bypassing the Google Play Store firewall. Researches also say that Sharkbot uses geofencing to filter users and target only specific regions. Sharkbot in those deleted apps targeted the UK and Italy but avoided users from Romania, India, Russia, Belarus, Ukraine, and China.

The bot also used 22 commands to request permissions for downloading, uninstalling apps, gathering contacts, changing settings, disabling battery-saving mode to run in the background, and even performing actions on the users’ behalf through accessibility features.

All the apps came from 3 developer accounts, including Zbynek Adamcik, Adelmio Pagnotto, and Bingo Like Inc. All of them were detected and eliminated from February 25 to March 27. Unfortunately, these apps are still available on several third-party app depositories.

A Way Out

We can’t be sure that there are no more apps like these 6 on the Play Store, so it’s important to download new apps only from trusted verified developers and publishers. Don’t trust apps with a few downloads and reviews and report any suspicious apps ASAP. Have you ever been a victim of mobile malware? What was it? You can tell about it in the comments and share this piece to inform your friends as well.