6 anti-virus apps on Google Play Store steal 15K Android users' data


New Delhi, Apr 7 (IANS): In a bizarre incident, at least 15,000 Android users downloaded anti-malware apps from Google Play Store which, instead of protecting them from hackers, infected their devices to steal passwords, bank details and other personal information, a new report showed on Thursday.

The six malware apps in the disguise of anti-virus apps have now been removed by Google from Play Store but the damage was done.

According to cyber security researchers at Check Point, the apps infected over 15,000 users with Sharkbot Android malware which steals credentials and banking information.

"This malware implements a geofencing feature and evasion techniques, which makes it stand out from the rest of malwares. It also makes use of something called domain generation algorithm (DGA), an aspect rarely used in the world of Android malware," according to the Check Point report.

It identified approximately 1,000 unique IP addresses of infected devices during the time of analysis. Most of the victims were from Italy and the UK.

Sharkbot lures victims to enter their credentials in windows that mimic benign credential input forms. When the user enters credentials in these windows, the compromised data is sent to a malicious server.

"Sharkbot doesn't target every potential victim it encounters, but only select ones, using the geo-fencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus," said the report.

"Overall, we saw over 15,000 downloads of these apps from Google Play," it added.

Threat actors are evolving and constantly seeking ways to inject and drop malware at any means possible, including disguising as legitimate "official" apps.

After examining the apps, Google proceeded to permanently remove these applications on Play store.

 

  

Top Stories


Leave a Comment

Title: 6 anti-virus apps on Google Play Store steal 15K Android users' data



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.