Six applications infected with the Sharkbot malware and disguised as antivirus apps have been removed from the Google Play Store after the trojan infected over 15,000 users who installed them on their Android phones.
With the help of the malware, the malicious applications aim to steal banking data, personal information, and passwords from the victims.
The Sharkbot trojan operators trick victims into entering their sensitive credentials through overlaid windows. Upon receiving the victims’ data, the hackers will exploit it for other attack operations.
The malicious applications are disguised as antivirus and security apps because many users are searching for programs that could protect them from cyberattacks. The threat actors have taken advantage of that demand to propagate malware and steal victims’ data.
Analysts believe that the hackers sent phishing links to their targeted victims, redirecting them to third-party download pages where the malicious apps are hosted.
These apps evaded the protections in the Google Play Store because their malicious behaviour is activated only after users download them to their devices. Furthermore, the malicious actions are triggered only through the hackers’ C2 server, which lets them control when to activate the Sharkbot trojan.
An analysis revealed that the trojan uses a geofencing feature that identifies and ignores users from selected countries, including China, Ukraine, Belarus, Russia, India, and Romania.
Detecting the trojan-infected applications led Google to remove them from the Android application store. However, despite being removed from the official application marketplace, the malicious apps remain active and available for download on third-party sites, where users can still be tricked into downloading them.
Security experts suggest that users who suspect an app is malicious must immediately uninstall it. One effective way to identify if an app is legitimate is to read through the reviews made by other users, who are often honest when it comes to assessing an application.