New Delhi: In an alarming case of data theft, at least 15,000 Android users were robbed of their personal information through anti-virus apps, news agency IANS reported on Thursday. Users downloaded anti-malware apps from the Google Play Store which, instead of protecting them from hackers, infected their devices to steal passwords, bank details and other important details. Six malware apps masquerading as anti-virus apps have now been removed by Google from the Play Store, but the damage was done.


According to cybersecurity researchers at Check Point, the apps infected more than 15,000 users with the Sharkbot Android malware, which steals credentials and banking information. “This malware implements a geofencing feature and piracy technology, which makes it different from the rest of the malware. It also uses something called the Domain Generation Algorithm (DGA), which is a rarely used aspect in the Android malware world,” as per the Check Point report. It identified around 1,000 unique IP addresses of infected devices during analysis. Most of the victims were from Italy and Britain.


Sharkbot lures victims into entering their credentials in windows that mimic benign credential input forms. When the user enters credentials in these windows, the compromised data is sent to a malicious server. The report states, “Sharkbot does not target every potential victim it encounters, but only a select number of individuals; it uses a geo-fencing feature to identify and ignore users from China, India, Romania, Russia, Ukraine or Belarus.” “In total, we saw over 15,000 downloads of these apps from Google Play,” it added.


Threat actors are evolving and are constantly looking for ways to inject and release malware in any way possible, including by disguising it as legitimate “official” apps. After examining the apps, Google permanently removed these applications from the Play Store.