Market research firm Check Point Research has discovered six Android apps on the Google Play Store that are spreading banking malware by posing as antivirus apps. The malware found in these apps is called “Sharkbot”, which is known to steal the credentials and banking information of Android users. According to Check Point Research, 62 percent of the victims of these malware were found in Italy, 36 percent in the UK. , and 2 percent in other countries.
The report states that the Sharkbot malware lures its victims to enter their credentials in windows that mimic credential input forms. When the user enters their credentials in these windows, the compromised data is sent to a malicious server. The firm has found that malware authors have implemented a geo-fencing feature that ignores device users in China, India, Romania, Russia, Ukraine or Belarus. The six apps found are Atom Clean-Booster, Antivirus; Antivirus, Super Cleaner; Alpha Antivirus, Cleaner; Powerful Cleaner, Antivirus; And two versions of Center Security – Antivirus App.
Read also: Chinese hackers made 2 attempts to hack electricity distribution in Ladakh, confirms government
Of the six malicious apps, four came from three developer accounts – Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. When their history was checked, it was found that two of them were active in the fall of 2021. Some applications were linked to these accounts were removed from Google Play, but still exist in unofficial markets. This, the research firm said, could be due to the fact that developers want to stay under the radar.
According to data collected for a week, Check Point Research counted more than 1,000 IPs of victims and found that each day the number of victims increased by about 100. According to data from Google Play, the six apps were downloaded more than 11,000 times. Most of the victims are in Britain and Italy.
Read also: Chinese hackers gathered intel from power grid near Ladakh: Report
Watch video: Motorola Edge 30 Pro review: Ideal but not the perfect Android smartphone?
“We found six applications on Google’s Play Store that were spreading the Sharkbot malware. This malware steals credentials and banking information. Obviously this is very dangerous. Looking at the number of installs we can assume that the threat actor struck a bull’s-eye for his way of spreading malware. Threat Actors strategically selected apps that users trust on Google Play. It is also worth mentioning here that threat actors send messages to victims containing malicious links, leading to widespread adoption. Overall, the use of push-messages by threat actors requesting answers from users is an unusual dissemination technique, said Alexander Chalitko, cybersecurity, research and innovation manager at Check Point Software.
read all Breaking News , today’s fresh news And IPL 2022 Live Updates Here.