Facepalm: It’s starting to feel as if Google is wasting its breath warning people about the dangers of sideloading apps, given how many malware-infested programs are creeping onto the Play Store. Another six were discovered and deleted after stealing login credentials while impersonating antivirus apps.
Check Point security researchers said the six apps had been downloaded more than 15,000 times before Google removed them from its store following the cybersecurity firm’s disclosure. Users thought they were downloading mobile antivirus apps; ironically, they were actually installing the Sharkbot Android stealer.
Sharkbot works by convincing victims to enter their credentials into windows that mimic input forms, often when it detects that banking apps are open. It can also steal information by logging keystrokes, intercepting SMS messages and gaining full remote access.
Once a person enters their username and password, the details are sent to a malicious server and used to access accounts such as banking, social network, and email accounts.
Most of the victims came from the UK and Italy. Interestingly, the malware used geofencing to identify and ignore users in China, India, Romania, Russia, Ukraine or Belarus.
According to ZDNet, the apps were able to bypass Play Store protections because their malicious behavior was activated only after someone had downloaded one and it had communicated with the server.
The Sharkbot-infested apps were removed from the Google Play Store in March, although they are likely still available on other storefronts.
Just two weeks ago, researchers from French mobile security company Pradeo revealed that an app called Craftsart Cartoon Photo Tools contained a version of a malicious Android Trojan called Facestealer. It was capable of stealing mobile users’ Facebook login credentials and had been downloaded over 100,000 times before Google removed it.