Although Google is constantly trying to improve security on Google Play, it is still impossible to eliminate all threats. This time, the malware was discovered in anti-virus applications.
Instead of protecting users, they were stealing their data. Further applications removed from Google Play
Check Point Research researchers discovered 6 applications in the Google Play store that were disguised as anti-virus applications. Instead of protecting users, they stole passwords, bank accounts, and other personal information. According to the researchers, the attackers used the Sharkbot Android Stealer malware, disguised as anti-virus applications. The discovered programs had over 15,000 downloads.
This malware implements geofencing and avoidance techniques, making it stand out from other malware. It also uses something called the Domain Generation Algorithm (DGA), an aspect rarely used in the Android malware world.
– according to the Check Point report.
About 1,000 IP addresses of infected devices were detected during the investigation, most of them coming from the UK and Italy. As highlighted in the report, Sharkbot does not target every potential victim it encounters, but only selected victims, using the geofencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine, and Belarus. The apps have already been removed from Google Play; however, that doesn’t mean the malware is completely gone.