Google Removes Apps With Malware

Elina Rudkovsky


blog image

Google has removed 6 apps that were meant to be antivirus services. Instead, they infected phones with malware. Users downloaded these apps over 15 000 times from the Google Play store before they were removed.

The malware called Sharkbot is widely used among hackers who still bank information. It was installed over 15 000 times by users who believed they downloaded antivirus software. The 6 apps that spread the malware were placed on Google Play Store and had to provide safety to the users of Android phones. Instead, the malware used the geofencing tools to recognize particular users in the right location to steal private information and passwords. The targets were chosen among the United Kingdom and Italy citizens.

The information was released by CheckPoint Research. It claimed that 6 apps were recognized as droppers for the malware. Once the dropper is installed on your phone it asks for permissions for the location or camera, the same as any other apps do. You don’t even pay attention to it and can agree automatically. You download it and it infects your device. Meanwhile, it was made to ignore specific countries. Users from Ukraine, China, Russia, Romania, India, and Belarus are usually ignored. Once it is installed, Sharkbot can immediately stop its activity if you run down the analysis.

The apps were downloaded multiple times before they were noticed by Google Play and immediately removed. The four of them were found on February 25 and removed on March 9, after Google was notified. Two more apps that turned out to be the droppers of Sharkbot were found on March 15 and removed on March 27. During this time users continued to download the apps on their phones.

Do you have a trusted security system on your phone? Can you download the app you are not familiar with on the phone? Share your thoughts in the comments below.