Alarming reports have highlighted the presence of six fake anti-virus apps on Google Play Store.
The news has put Google on alert as it immediately removed the apps that are said to deliver malware to users that may have been tricked into believing they are beneficial.
A report put out by leading security company Check Point outlined how the app was intentionally developed by hackers to install malware.
This is why experts claim it’s so important to make wise decisions while downloading apps on our Android phones because if they’re not authentic you could potentially be doing more harm than good.
The report delineated the apps by name which included ‘Powerful Cleaner Anti-virus’, ‘Center Security Antivirus’, Antivirus- Super Cleaner’. Check Point says the truth behind the matter is how these programs put forward a malware strain that was called ‘Sharkbot’ which had the threatening capability of stealing information regarding user logins details and sensitive data about their bank accounts too.
As a whole, the apps had been downloaded on nearly 15,000 different occasions, which included users from all around the world. In particular, Italy and the United Kingdom were the most affected.
Google is reported to have taken down all of the malicious apps after the alarming news was forwarded to the company by Checkpoint.
Experts dived down deep into unveiling the app’s true functioning and how they are able to affect users. This included how they functioned like droppers who carry the ability to install malware at some later point in time.
Interestingly, it was revealed how the malware can only function on a smartphone at selective geographical locations like Russia, India, Belarus, Ukraine, China, and Romania. Now, this makes more sense as to why the Google App Store failed to detect these false apps and their malicious intent with ease.
In cases where the malware has been installed, Sharkbot has the ability to steal all of the users’ passwords by making false login windows through a user’s device. Hence, whenever a login is made and credentials are added, this data is sent out to the malicious running server.
With the help of a geofencing feature, users from the outlined countries would be identified by the malicious software and hence be targeted accordingly.
But dangers don’t stop there as the report further revealed an array of alarming functions that the app is capable of. This includes taking the device’s contacts, uninstalling apps without a user noticing, and highlighting push notifications on a screen. Additionally, it can avoid being detected by stopping all of its functioning if it feels like it’s being run in isolated environments.
Another security company by the name NCC Group was quick to notify Google about the malicious apps on the Play Store. They even went ahead and noted down how the malware sample tried to target fund transfers through a number of trustworthy banking applications on smartphones.
For now, experts are requesting users to steer clear of inadvertently downloading apps without authentic background knowledge to help avoid situations like these.
Read next: A new malware FFDroider is hacking social media accounts by stealing browser data
The news has put Google on alert as it immediately removed the apps that are said to deliver malware to users that may have been tricked into believing they are beneficial.
A report put out by leading security company Check Point outlined how the app was intentionally developed by hackers to install malware.
This is why experts claim it’s so important to make wise decisions while downloading apps on our Android phones because if they’re not authentic you could potentially be doing more harm than good.
The report delineated the apps by name which included ‘Powerful Cleaner Anti-virus’, ‘Center Security Antivirus’, Antivirus- Super Cleaner’. Check Point says the truth behind the matter is how these programs put forward a malware strain that was called ‘Sharkbot’ which had the threatening capability of stealing information regarding user logins details and sensitive data about their bank accounts too.
As a whole, the apps had been downloaded on nearly 15,000 different occasions, which included users from all around the world. In particular, Italy and the United Kingdom were the most affected.
Google is reported to have taken down all of the malicious apps after the alarming news was forwarded to the company by Checkpoint.
Experts dived down deep into unveiling the app’s true functioning and how they are able to affect users. This included how they functioned like droppers who carry the ability to install malware at some later point in time.
Interestingly, it was revealed how the malware can only function on a smartphone at selective geographical locations like Russia, India, Belarus, Ukraine, China, and Romania. Now, this makes more sense as to why the Google App Store failed to detect these false apps and their malicious intent with ease.
In cases where the malware has been installed, Sharkbot has the ability to steal all of the users’ passwords by making false login windows through a user’s device. Hence, whenever a login is made and credentials are added, this data is sent out to the malicious running server.
With the help of a geofencing feature, users from the outlined countries would be identified by the malicious software and hence be targeted accordingly.
But dangers don’t stop there as the report further revealed an array of alarming functions that the app is capable of. This includes taking the device’s contacts, uninstalling apps without a user noticing, and highlighting push notifications on a screen. Additionally, it can avoid being detected by stopping all of its functioning if it feels like it’s being run in isolated environments.
Another security company by the name NCC Group was quick to notify Google about the malicious apps on the Play Store. They even went ahead and noted down how the malware sample tried to target fund transfers through a number of trustworthy banking applications on smartphones.
For now, experts are requesting users to steer clear of inadvertently downloading apps without authentic background knowledge to help avoid situations like these.
Read next: A new malware FFDroider is hacking social media accounts by stealing browser data
