Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.

Researchers have found the info-stealing Android malware Sharkbot lurking unsuspected in the depths of the Google Play store under the cover of anti-virus (AV) solutions.

While analyzing suspicious applications on the store, the Check Point Research (CPR) team found what purported to be genuine AV solutions downloading and installing the malware, which steals credentials and banking info from Android devices but also has a range of other unique features.

“Sharkbot lures victims to enter their credentials in windows that mimic benign credential input forms,” CPR researchers Alex Shamsur and Raman Ladutska wrote in a report published Thursday. “When the user enters credentials in these windows, the compromised data is sent to a malicious server.”

Researchers discovered six different applications—including ones named Atom Clean-Booster, Antivirus; Antvirus Super Cleaner; and Center Security-Antivirus—spreading Sharkbot. The apps came from three developer accounts–Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc.—at least two of which were active in the autumn of last year. The timeline makes sense, as Sharkbot first came onto researchers’ radar screens in November.

“Some of

Read More: https://threatpost.com/google-play-bitten-sharkbot/179252/