Market research firm Check Point Research has discovered six Android apps on the Google Play Store that are spreading banking malware by portraying themselves as antivirus apps. The malware detected in these apps is called “Sharkbot," which is known to steal credentials and banking information of Android users. According to Check Point Research, 62 percent of the victims of these malwares were found to be in Italy, 36 percent in UK, and 2 percent in other countries.
The report said that Sharkbot malware lures its victims to enter their credentials in windows that mimic credential input forms. When the user enters their credentials in these windows, the compromised data is sent to a malicious server. The firm has found that the malware authors implemented a geo-fencing feature, which ignores device users in China, India, Romania, Russia, Ukraine or Belarus. The six apps that have been found are named Atom Clean-Booster, Antivirus; Antivirus, Super Cleaner; Alpha Antivirus, Cleaner; Powerful Cleaner, Antivirus; and two version of the Center Security – Antivirus app.
ALSO READ: Chinese Hackers Made 2 Attempts To Hack Electricity Distribution In Ladakh, Confirms Govt
Out of the six malicious apps, four came from three developer accounts – Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. When their history was checked, it was found that two of them were active in the fall of 2021. Some of the applications linked to these accounts were removed from Google Play, but still exist in unofficial markets. This, the research firm said could be due to the fact that the developers want to stay under the radar.
According to stats collected for one week, Check Point Research counted over 1,000 IPs of victims and found that each day the number of victims increased by roughly 100. According to Google Play statistics, the six apps were downloaded over 11,000 times. Most of the victims are in UK and Italy.
ALSO READ: Chinese Hackers Collected Intel From Power Grid Near Ladakh: Report
WATCH VIDEO: Motorola Edge 30 Pro Review: Ideal But Not Perfect Android Smartphone?
“We discovered six applications on Google’s Play Store that were spreading Sharkbot malware. This malware steals credentials and banking information. It is obviously very dangerous. Looking at the install count we can assume that the threat actor hit the bulls-eye for their method of malware spread. The threat actor strategically chose a location of applications on Google Play that have users’ trust. What’s also noteworthy here is that the threat actors push messages to victims containing malicious links, which leads to widespread adoption. All in all, the use of push-messages by the threat actors requesting an answer from users is an unusual spreading technique," Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software said.
Read all the Latest Tech News and Breaking News here
Comments
0 comment