Connect with us

Hi, what are you looking for?


Antivirus apps downloaded thousands of times from Google Play Store contained password-stealing malware

Facepalm: It’s starting to feel like Google is wasting its breath when warning people about the dangers of sideloading apps, given how many malware-infested programs slip onto the Play Store. Six more were discovered and removed after they were found to be stealing login credentials while masquerading as antivirus applications.

Check Point security researchers said the six apps had been downloaded over 15,000 times before Google removed them from its store following the cybersecurity firm’s disclosure. While users thought they were downloading mobile antivirus apps, they were actually installing the sharkbot Android stealer, ironically.

Sharkbot works by convincing victims to enter their credentials in windows that mimic input forms, often when it detects banking apps are opened. It can also steal information by keylogging, intercepting SMS messages, and gaining full remote access.

Once a person enters their username and password, the details are sent to a malicious server and used to access accounts such as banks, social media, emails, and more.

Most of the victims came from the UK and Italy. Interestingly, the malware used geofencing to identify and ignore users in China, India, Romania, Russia, Ukraine, or Belarus.

2022 04 07 image 13

The apps were able to slip past the Play Store safeguards because their malicious behavior wasn’t activated until after someone downloaded one and it communicated with the server, writes ZDNet,

Advertisement. Scroll to continue reading.

The Sharkbot-infested applications were removed from the Google Play Store in March, though they will likely still be available on other storefronts.

It was only two weeks ago when researchers at French mobile security company Pradeo revealed that an app named Craftsart Cartoon Photo Tools contained a version of an Android trojan malware called Facestealer. It was able to steal mobile users’ Facebook login credentials and had been downloaded over 100,000 times before Google removed it.

Click to comment

Leave a Reply



Did you miss a session from GamesBeat Summit 2022? All sessions are available to stream now. Watch now. World War II was, and still...

Loan And Finance

Authored by Aviva There were a number of changes to the Highway Code published earlier this year which we highlighted in this article and visual guide. These...

Online Business Success

Kenny Kane is the Chief Operating Officer at Firmspace. getty Shared office spaces aren’t a fad; they’re the future. Just look at some recent...

Online Business Success

By David Henzel, co-founder of How We Solve—an umbrella company for services and tools that help you solve your startup’s growing pains. getty Being...

Top Stories

The fall of Terra (LUNA) shook the entire crypto market. However, the project has no plans to stay down as the project secured backing...


We’re currently in the process of testing the Ryzen 7 5800X3D on various first generation AM4 motherboards (coming soon), which prompted me to go...


You May Also Like


Introductions get a lot of attention. I’ve explored the topic of how to write them even though as a reader, I always skip them....

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

Online Business Success

The internet is now our nervous system. We are constantly streaming and buying and watching and liking, our brains locked into the global information...

Online Business Success

You can think of link building in many ways. I like to call it tedious, painful, and a test of patience. It’s also necessary...