Sharkbot Android Malware Hides in Fake Antivirus Apps on Google Play

Security researchers have discovered yet another batch of apps on the official Google Play Store that posed as antivirus tools but were laced with malware. The apps carried Sharkbot, a banking malware that affects Android devices.

A research team with Check Point discovered that the fake antivirus apps were downloaded around 15,000 times before they were taken down. Google took down the malware-laden apps only after Check Point sent an alert to the company.

Sharkbot uses unusual techniques

There were "at least six" malicious apps, all designed to look like legitimate mobile security and antivirus tools, but the reality was quite the opposite. The apps contained the Sharkbot stealer, an Android malware strain developed to steal banking information and credentials.

According to Check Point, Sharkbot has two features that make it stand out among Android malware. The first is the malware's use of a domain generation algorithm (DGA). This refers to the malware's ability to occasionally generate a number of different domain names, which it then uses to route communication to its command-and-control servers.
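As an added illustration (not taken from Check Point's report or from the original article), the sketch below shows how a defender might spot DGA behaviour in resolver logs: one client producing a burst of failed lookups for random-looking names, followed by a lookup that resolves. The log format, thresholds and sample lines are assumptions constructed for the example, and it does not reproduce Sharkbot's actual algorithm.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log, "epoch client qname rcode" (assumed format, not real traffic).
SAMPLE_LOG = """\
1700000000 10.0.0.5 mail.example.com NOERROR
1700000010 10.0.0.7 xkqzjvhwplrt.example NXDOMAIN
1700000012 10.0.0.7 qpwvzmxkrjty.example NXDOMAIN
1700000015 10.0.0.7 zmvbqhxwlkjp.example NXDOMAIN
1700000019 10.0.0.7 hjtrwqzxvkmp.example NXDOMAIN
1700000030 10.0.0.5 pritner.example NXDOMAIN
1700000040 10.0.0.7 wkzxqvjhmrtp.example NOERROR
"""

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def looks_generated(qname, min_len=10, min_entropy=3.0):
    """Weak heuristic: long, high-entropy second-level label.
    Naive label split; a production check would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    return len(label) >= min_len and entropy(label) >= min_entropy

def find_dga_clients(log_text, window=300, min_failures=4):
    """Flag clients with >= min_failures distinct generated-looking NXDOMAINs
    inside `window` seconds, and list generated-looking names that resolved
    in the same window (candidate C2 rendezvous points to investigate)."""
    failed, resolved = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, qname, rcode = int(parts[0]), parts[1], parts[2].lower(), parts[3]
        if not looks_generated(qname):
            continue
        if rcode == "NXDOMAIN":
            failed[client].append((ts, qname))
        elif rcode == "NOERROR":
            resolved[client].append((ts, qname))
    findings = {}
    for client, events in failed.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = {q for t, q in events[i:] if t - start <= window}
            if len(burst) >= min_failures:
                hits = {q for t, q in resolved[client] if start <= t <= start + window}
                findings[client] = {"nxdomains": sorted(burst), "resolved": sorted(hits)}
                break
    return findings
```

Entropy alone misfires on legitimate long hostnames, which is why the check only fires when it coincides with a burst of failed lookups from the same client.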

The second feature, one not usually seen in Android malware, is Sharkbot's use of geofencing. In relation to malware, geofencing denotes the malicious software's ability to attack only certain regions and demographics while avoiding others, as though virtually "fencing" them off. This is commonly seen with malware that does not attempt to attack victims in its area of origin or in regions with heightened security measures.

Infections primarily in Western Europe

The majority of the devices and IPs that the researchers identified as infected were located in Western Europe, primarily in the United Kingdom and Italy, with the remaining infections, a fraction of just 2%, located in other territories.

Check Point concluded its report on the Android malware with advice we echo every time: only install applications from "trusted and verified publishers". However, this is the second time in just a few weeks that Android malware lurking on the official Google Play Store has made headlines, so this advice, while fundamentally sound, will not be enough to protect every user from every threat.
