Date: 2022-04-08

Some apps from the Google Play Store, Android’s official app store, continue to be a problem for device protection. Security firm Check Point Software this week identified six programs that, when installed, spread banking malware.

The banking malware in question is Sharkbot, which, after infecting a device, can steal its victims’ credentials and financial information. Its main method of action is social engineering: it convinces targets to enter their access data into malicious forms, and that data is then sent to the threat controllers.

In total, Check Point detected that six applications were spreading the threat. Check their names below:

Atom Clean-Booster, Antivirus

Antivirus, Super Cleaner

Alpha Antivirus, Cleaner

Powerful Cleaner, Antivirus

Center Security – Antivirus

Center Security – Antivirus (same name as above, but with a different icon)

Applications that spread viruses on Android detected by Check Point Software. (Image: Playback/Check Point Software)

In addition to credential theft, Check Point experts have also detected that Sharkbot's developers have implemented geofencing (a type of regional block) that prevents the malware from taking effect if the infected devices are in China, India, Romania, Russia, Ukraine, or Belarus. This fact also lends more credence to the security firm’s deduction that the threat controllers have Russian origins.

“What is also noteworthy here is that attackers send messages to victims containing malicious links, leading to widespread infection. In short, cybercriminals’ use of push messages or notifications, requesting a response from users, is an unusual dissemination technique. I think it’s important for all Android users to know that they should think twice before downloading any antivirus solution from the Play Store, as it could be Sharkbot,” warns Alexander Chailytko, Manager of Cybersecurity, Research and Innovation at Check Point Software.

Chart showing where malicious Android apps took the most victims. (Image: Playback/Check Point Software)

The researchers collected statistics on the attacks for a week. During that period, they counted more than 1,000 IPs from victims, mostly from the UK and Italy. Every day, the number of victims increased by about 100 people.

Finally, according to Google Play statistics, the six malicious apps detected were installed more than 11,000 times, and as Check Point’s statistics collection showed, the UK and Italy were the countries that downloaded the programs the most.

Apps have already been removed from the Play Store

Check Point also found that four of the apps came from three developer accounts: Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. Two of these have been active since mid-September 2021 and have already had some programs removed from the Play Store, but which can still be found on the internet, indicating attempts by the authors to run the frauds without being detected.

Immediately after identifying these malicious apps, Check Point reported its findings to Google, which, after analyzing the data, removed them from the Play Store.

If you have downloaded one of the applications, it is recommended that you uninstall it immediately. For future prevention against similar scams, the following steps are recommended: