Site icon TechNewsBoy.com

Android antivirus apps caught spreading their own malware

Scott Marlette
Android antivirus apps caught spreading their own malware

Google has removed a number of fake Android antivirus apps from the Play Store after it was discovered they were being used as a vehicle for malware distribution.

According to cybersecurity experts from Check Point Research, the company responsible for the discovery, at least half a dozen antivirus apps available on the official Android marketplace were being used to spread banking malware. 

The apps in question are called:
  • Atom Clean-Booster, Antivirus
  • Antivirus, Super Cleaner
  • Alpha Antivirus, Cleaner
  • Powerful Cleaner, Antivirus
  • Center Security – Antivirus (two versions)

These malicious apps were carrying Sharkbot, a malware strain that steals passwords and banking information. It shares push notifications and offers up fake login prompts, through which users share their credentials with the attackers. 

Although all have since been removed from the Play Store, Check Point says they still remain active in unofficial markets. Android users who had downloaded the apps before they were removed are advised to uninstall them immediately.

Sparing Russians and the Chinese

In a single week of analysis, more than 1,000 unique infected endpoints were identified, with the number growing by roughly 100 every day. Google Play Store figures show the malicious apps were downloaded roughly 11,000 times in total.

The threat actor’s identity remains unknown, although the researchers say they have reason to believe they are of Russian origin. The malware (opens in new tab) comes with geo-fencing features, ignoring devices in China, India, Romania, Russia, Ukraine, and Belarus. Most of the victims are located in the UK and Italy. 

The developer accounts that uploaded the apps were Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. Of the three accounts, two have been active since the autumn of 2021. 

Simply downloading the app won’t be enough for the threat actors to launch a full-blown attack, however. The victim still needs to grant the app permissions for accessibility services, which is something the app will try and trick the victim into doing.

After the app is granted the permissions, it will take over most of the smartphone’s functions and will be able to operate freely.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – abuse@technewsboy.com. The content will be deleted within 24 hours.
Exit mobile version