CPR discovered more than 1,000 unique IP addresses of infected devices. According to Google Play Store data, however, the six deceptive applications were downloaded more than 11,000 times.
The best antivirus apps of 2022The best cheap laptops under $500The best phone deals in April 2022
‘Antivirus’ apps unleash nasty malware called Sharkbot
Sharkbot is the name of the banking malware posing as antivirus solutions; once installed, it snatches Android users’ credentials and banking information. According to CPR, Sharkbot baits victims into entering their sensitive data in windows that mimic input forms. “CPR suspects the threat actors are Russian speaking and warns Android users worldwide to think twice about downloading antivirus solutions,” a curious statement for CPR to make considering the ongoing Russia-Ukraine conflict and looming cyberwar threat. After victims input their information, Sharkbot sends the compromised data to a server. CPR discovered that most victims reside in Italy (62%), followed by the UK (36%). Interestingly, the malicious actors implemented a geofencing feature, ignoring devices in Romania, Russia, Ukraine, Belarus, China and India. “What’s also noteworthy here is that the threat actors push messages to victims containing malicious links, which leads to widespread adoption. All in all, the use of push-messages by the threat actors requesting an answer from users is an unusual spreading technique,” CPR added. The six malicious apps CPR spotted included “Atom Clean-Booster, Antivirus,” “Antivirus, Super Cleaner,” “Alpha Antivirus, Cleaner,” “Powerful Cleaner, Antivirus,” and “Center Security - Antivirus.” Fortunately, CPR notified Google about these misleading apps and the search-engine tech giant removed them from the Play Store. If you want to ensure that you’re downloading legitimate pro-security platforms, check out our best antivirus apps page for well-established, trustworthy solutions for your needs.