“Antivirus” in the Google Play Store actually had malware to steal bank data

A malware called “Sharkbot” was hiding in these apps from the official Google repository .


Researchers at Check Point Research have discovered six apps in the Google Play Store repository that spread banking malware posing as antivirus to steal user credentials.

The six applications discovered in the Google store spread malware called Sharkbot , with which cybercriminals steal credentials and banking information from Android users .

This malware displays a window that mimics credential input forms. When users enter their credentials, this information is sent to a malicious server. For its propagation, it sends messages with malicious links to the victims and push messages , as stated in a statement.

Its activity also had a geofence limitation, as Check Point Research has pointed out , for which it did not run if the device users were in China, India, Romania, Russia, Ukraine or Belarus.

What are these apps?

From the cybersecurity company they have highlighted that these malicious ‘apps’ were displayed in the Google Play Store as antivirus solutions (Atom Clean-Booster, Antivirus; Antivirus, Super Cleaner; Alpha Antivirus, Cleaner; Powerfull Cleaner, Antivirus; and two Call Center Security, Antivirus).

Check Point Research contacted Google after the findings, which, after examining them, removed them from its digital store. However, the researchers have pointed out that they are still present in alternative repositories.

With information from Europe Press