Play Store: These fake Android antiviruses are malware capable of stealing your money

A new malware is rampant on the Play Store. It takes the form of an antivirus application. But it contains a Trojan whose goal is to recover the bank identifiers of its victims and empty their accounts. The four versions of the malware have accumulated nearly 60,000 installations.

There is more and more information in smartphones. Personal information. Professional data. From Pictures. From Passwords. But also a access to your bank accounts. Whether through your web browser (Chrome for example) or via a dedicated application, you can manage your money very easily. And some hackers can take advantage of this access to access your bank accounts.

Be careful, this app supposed to boost your battery hides a terrible Trojan horse!

To do this, they can inject malicious code into a web page. But, on Android, the easiest way is to go through an application. Some even manage to circumvent Google’s vigilance. Results : some software available on the Play Store contains malware, including Trojan horses. These hide in the background, spy on your activity and communicate information to hackers.

Sharkbot impersonates an antivirus to access your bank accounts

One of them was discovered in October 2021 by Italian cyber security experts Cleafy Threat Intelligence. His name is sharkbot. And its operation is quite similar to that of Teabot and FluBot that we mentioned in January 2022 in our columns. However, its method of propagation has recently changed. Indeed, according to NCC-Groupan American company specializing in computer security, it is now present in the source code of several applications on the Play Store.

Ironically, Sharkbot was discovered in four “antivirus” software programs, which are supposed to protect their users against malware. It is Super Cleaner Antivirus, Atom Clean Booster, Alpha Antivirus and Powerful Cleaner Antivirus. As of this writing, the first two have been removed from the French Play Store. But the other two are still there. They cumulate between them nearly 60,000 installs. So if you have one of them, delete it and change your access credentials to your online accounts.

If you have given them all the required permissions, these applications are able to fully monitor your banking application (including keylogging to reconstruct your password) in order to impersonate you and make money transfers. This is obviously not the first time that Android malware has passed through an antivirus. Cybersecurity experts have been unearthing them regularly for several years.

Source: NCC Group