Sharkboy Malware Uses Android Apps To Steal Credentials & Banking Details

After being found to have spread malware, at least six fake Android antivirus apps were taken from the Google Play Store. Cyber-security threats have increased over several years, peaking during the pandemic. 2021 was a terrible year for victims of cybercrime. Victims lost almost $7 billion due to scams and online attacks.

In the last few years, many types of cybercrime have been reported by law enforcement. These include ransomware and spyware, as well as phishing. There are many practical and safe cyber-security software available to protect users against online threats. However, cyber-criminals often use fake antimalware apps to attack victims. This latest report highlights the dangers of malicious apps and services.

RELATED: Phishing Scams and Mobile Malware Are Big In 2022 — Here’s How to Stay Safe

The cyber-security firm discovered that at least six antimalware apps from the Google Play Store were being used for spreading a potentially dangerous banking malware. The malware, dubbed “Sharkbot,” was designed to steal bank information, including passwords. These malware-laden apps include Atom Clean-Booster Antivirus; Antivirus Super Cleaner; Alpha Antivirus Cleaner; Powerful Cleaner Antivirus; and two flavors of Center Security Antivirus. The research paper states that the fake antivirus apps provided push notifications and created fake login prompts. This allowed the operators to gain access to bank passwords. It was also reported that the malware could automatically respond to messages from messaging apps such as WhatsApp and Facebook Messenger, distributing phishing links that would allow criminals to reach more people.

Google Removing Fake Antivirus Apps

Check Point

Sharkboy malware has unique geofencing capabilities that allow it to target users only in some areas of the globe and reject devices from other parts. The apps were reported to have ignored gadgets from China, India, Russia, Ukraine, Belarus, and other countries but targeted victims in the U.K., Italy, and Romania. The report states that the apps were downloaded more than 15,000 times via Google Play and possibly more from third-party stores and other sources.

After Check Point received its findings, all the malicious apps mentioned above were removed from Google’s Play Store. Researchers believe some of these malicious apps may still be available on third-party APK repositories and app stores, posing a severe threat to users. These and other malware-laden apps pose a danger to Android users. The researchers recommend that Android owners only install apps from verified and trusted publishers and that they report suspicious apps to Google.

Sharkbot Malware Uses Android Apps To Steal Credentials & Banking Details