Android antivirus apps caught spreading their own malware
Six fake antivirus apps have been removed from the Play Store
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Googlehas removed a number of fakeAndroid antivirusapps from the Play Store after it was discovered they were being used as a vehicle formalwaredistribution.
According to cybersecurity experts from Check Point Research, the company responsible for the discovery, at least half a dozenantivirusapps available on the official Android marketplace were being used to spread banking malware.
The apps in question are called:
These malicious apps were carrying Sharkbot, a malware strain that stealspasswordsand banking information. It shares push notifications and offers up fake login prompts, through which users share their credentials with the attackers.
Although all have since been removed from thePlay Store, Check Point says they still remain active in unofficial markets. Android users who had downloaded the apps before they were removed are advised to uninstall them immediately.
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a£100 Amazon gift card(or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window«
Sparing Russians and the Chinese
In a single week of analysis, more than 1,000 unique infected endpoints were identified, with the number growing by roughly 100 every day. Google Play Store figures show the malicious apps were downloaded roughly 11,000 times in total.
The threat actor’s identity remains unknown, although the researchers say they have reason to believe they are of Russian origin. Themalwarecomes with geo-fencing features, ignoring devices in China, India, Romania, Russia, Ukraine, and Belarus. Most of the victims are located in the UK and Italy.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The developer accounts that uploaded the apps were Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. Of the three accounts, two have been active since the autumn of 2021.
That Android antivirus could actually be malware>Hundreds of thousands of Android users infected by banking malware hosted on Play Store>This dangerous Android banking trojan is now available online for anyone to use
Simply downloading the app won’t be enough for the threat actors to launch a full-blown attack, however. The victim still needs to grant the app permissions for accessibility services, which is something the app will try and trick the victim into doing.
After the app is granted the permissions, it will take over most of the smartphone’s functions and will be able to operate freely.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
iStorage Group acquires Kanguru Solutions as it looks to expand security offering
