These Android users wanted to protect their phones from hackers. Instead they downloaded malware.

Six phony anti-virus apps have been removed from the Google Play app store because instead of protecting users from cyber criminals, they were actually being used to deliver malware to steal passwords, bank details and other personal information from Android users. 

The malware apps have been detailed by cybersecurity researchers at Check Point, who say they were downloaded from Google’s official app marketplace by over 15,000 users who were looking to protect their devices, which instead became infected with Sharkbot Android malware

Sharkbot is designed to steal usernames and passwords, which is does by luring victims into entering their credentials in overlayed windows which sends the information back to the attackers, who can use it to gain access to emails, social media, online banking accounts and more. 

The six malicious apps found by researchers aimed to attract Android users searching for antivirus, cleaner and security apps.

SEE: Cybersecurity: Let’s get tactical (ZDNet special report)

It’s possible that victims were sent phishing links which directed them to the download pages for the Sharkbot infested apps. The apps were able to bypass Google Play store protections because malicious behaviour in the apps wasn’t activated until after they’d been downloaded by a user and the app has communicated

Read More: