Bank stealers abound; Google removes 6 apps infected with Sharkbot malware

Sanjeev Ramachandran April 9, 2022Last Updated: April 9, 2022

2 minutes read

Bank stealer apps found to have infected devices and stolen login credentials and payment details

Beware of the bank stealer apps lurking inside your smart handsets. As many as six apps that were found to be infected with Sharkbot, which is a type of malware known for stealing money from bank accounts, have been identified and removed by Google. Though the apps have been chucked out, the worrisome fact is that these apps have been found as downloaded as many as 15,000 times before Google finally managed to remove them.

These six apps were found as designed to act like antivirus solutions and to select targets using a geo-fencing feature. The modus operandi have been such that they stole users’ login credentials for websites and services.

As per a report, these applications infected by Sharkbot had been deployed to target users in Italy and the UK. It is being said that the six Android apps had disguised themselves as antivirus apps and got into the Google Play Store. They functioned in such a way that they were marked as ‘droppers’ for Sharkbot.

Bank stealer apps played in tune with Sharkbot malware

Dropper applications when installed, download malicious payload and infect a device, while successfully staying off detection mechanisms. These six apps that played in tune with the Sharkbot malware were detected as putting into play a ‘geofencing’ feature so that they could target victims in specific regions.

The report that quoted a Check Point Research team revealed that the Sharkbot malware was designed to identify and ignore users from India, China, Romania, Ukraine, Russia, and Belarus. Research has found that the malware was capable of detecting when run in a sandbox and immediately shuts down to prevent analysis.

Google, while removing the apps, found that these six applications came from three developer accounts, namely Adelmio Pagnotto, Zbynek Adamcik, and Bingo Like Inc. The Check Point Research team has revealed that 15,000 downloads were already made, and it quoted statistics to this effect from AppBrain.

As a means to complicate the analysis, cyber-crime actors can spread malware in Google Play through benign looking mediators that fake AV applications and gain credibility. Read our research about Sharkbot – spread in the way described.https://t.co/UOyhwBGc8H
— Check Point Research (@_CPResearch_) April 8, 2022

Stay cautious, install apps only from verified publishers

Google came across four among these dangerous apps after they were discovered in February and reported to the search giant in March. Google had swung into action immediately and was able to remove them on March 9, the report quoted Check Point Research as saying. Further investigation brought to light two more dropper apps on March 15 and March 22 respectively, and Google successfully threw them out on March 27.

The risk is that danger still lurks. Making sure that safety from malware masquerading as software could happen only through the installation of applications that come only from verified publishers has become an imperative. Exercise caution, and stay safe from bank stealer apps.