Just a month ago we told you about Sharkbot, banking malware that first appeared in 2021 and was recently found hiding in an antivirus application on the Play Store; now researchers at Check Point Software Technologies have identified five more apps, in addition to the aforementioned one, in which the malware in question was hidden.
The operation is always the same: users are presented with fake login windows for banking services, with the purpose of stealing login information and credentials; once the data has been entered, it is sent to a malicious server. The researchers also found an interesting geofencing feature: if the users of the device are located in China, India, Romania, Russia, Ukraine or Belarus, the execution of the malware is prevented.
Three developer accounts have been identified behind Sharkbot, active since autumn 2021, and although these apps have already been removed from the Play Store, they continue to be available from alternative services. The most worrying data, however, concerns the spread of the malware: as can be seen from the graph just below, as many as 62% of the users involved reside in Italy. In total, the six applications have been downloaded more than 11,000 times. Although there is no firm evidence, the researchers argue that in all likelihood the creators of Sharkbot are Russian.
Google was immediately informed of what was discovered and, after an internal analysis, proceeded to remove the affected applications from its Store (which did not initially happen when we reported the news to you a month ago). Check Point Software Technologies director Eusebio Nieva commented: “We discovered six apps on the Google Play Store that were spreading Sharkbot malware that steals credentials and banking information. If we look at the number of downloads, we can assume that those responsible for the threat have hit the target with their method of spreading the malware. The cybercriminal has strategically chosen apps on Google Play because they are trusted by users. What’s also noteworthy here is that they send messages to victims containing malicious links, which leads to widespread adoption. In short, attackers’ use of push messages to request a response from users is an unusual propagation technique. I think it is important for all Android users to know to think twice before downloading any antivirus solution from the Play Store. It could be Sharkbot.”
In conclusion, the security advice for users is always the same: download applications only from the Play Store, avoiding alternative sources, be wary of little-known developers and, above all, avoid applications of dubious usefulness, such as antivirus apps on Android. In this case, the solution meant to protect you could be the Trojan horse infecting your device.