Updated on 2022-11-22
Antivirus maker Bitdefender said it identified four Android apps on the official Play Store acting as downloaders for the SharkBot banking trojan. The apps were file managers but also contained malicious code to help deploy malware on a user’s device after their Play Store installation. Read more: Android SharkBot Droppers on Google Play Underline Platform’s Security Needs
Overview: Google Pulls Malware-Spreading Apps Disguised as Anti-Virus from Google Play Store
Google has pulled half a dozen malicious Android apps from the Google Play Store after they were found to spread info-stealing malware. The apps were installed a total of 15,000 times. The malware, known as Sharkbot, steals credentials and banking data. Researchers from Check Point discovered the malware-laced apps.
Note
- Beware of software bearing gifts, in this case applications purporting to be anti-virus solutions that install malware instead. Even more dangerous: a user installing what they think is AV is more likely to grant that application all requested permissions. Provide users with approved device security tools and profiles rather than letting them choose their own. Note that these apps themselves didn’t contain the malware; instead, they downloaded it after fooling the user with a pretty icon and otherwise legitimate looking app. As the apps have been pulled from the Play Store, Play Protect will remove them on installed devices, but the damage is likely done, and infected devices will likely need a factory reset.
- I’d like to see two things: (1) Good data from Google Play Store and Apple App Store on the average time before a bad app is detected and removed; and (2) a security settings switch that filters app store view to only show apps have been published longer than that average. I guess the third thing would be to that average time decrease to hours, then minutes, vs. days.
