Antivirus apps downloaded thousands of times from Google Play Store contained password-stealing...

midian182

Posts: 7,895   +82
Staff member
Facepalm: It's starting to feel like Google is wasting its breath when warning people about the dangers of sideloading apps, given how many malware-infested programs slip onto the Play Store. Six more were discovered and removed after they were found to be stealing login credentials while masquerading as antivirus applications.

Check Point security researchers said the six apps had been downloaded over 15,000 times before Google removed them from its store following the cybersecurity firm's disclosure. While users thought they were downloading mobile antivirus apps, they were actually installing the Sharkbot Android stealer, ironically.

Sharkbot works by convincing victims to enter their credentials in windows that mimic input forms, often when it detects banking apps are opened. It can also steal information by keylogging, intercepting SMS messages, and gaining full remote access.

Once a person enters their username and password, the details are sent to a malicious server and used to access accounts such as banks, social media, emails, and more.

Most of the victims came from the UK and Italy. Interestingly, the malware used geofencing to identify and ignore users in China, India, Romania, Russia, Ukraine, or Belarus.

The apps were able to slip past the Play Store safeguards because their malicious behavior wasn't activated until after someone downloaded one and it communicated with the server, writes ZDNet.

The Sharkbot-infested applications were removed from the Google Play Store in March, though they will likely still be available on other storefronts.

It was only two weeks ago when researchers at French mobile security company Pradeo revealed that an app named Craftsart Cartoon Photo Tools contained a version of an Android trojan malware called Facestealer. It was able to steal mobile users' Facebook login credentials and had been downloaded over 100,000 times before Google removed it.

Permalink to story.

 

trparky

Posts: 1,087   +1,232
Once again, the lack of oversight in the Google Play Store strikes again. For God's sake man, this is beyond stupid already. Google, fix your sh*t already. This should not be happening.
 

TsVkK

Posts: 103   +60
Malicious actors bait and switch, use safe application as malware droppers, obfuscate through numerous ways and are thinking up new ways all the time. It's a war for $$$'s going on and there will never be an end to the attacks and compromises, no matter how bold or underlined people declare that it should not happen.
 

Watzupken

Posts: 603   +502
What I find most facinating about these articles is the amount of people that just seem to download any app.

Why not go with a known and trusted vendor for something like this if you felt you need one.

Nope, let me just throw a dart at the screen and thats the AV app I'm going to use.
I feel in the first place, you are meant to be able to download any app on the store because Google is supposed to have vet through, I.e. Play Protect. But obviously, a lot of malware are making it into the store. Whether I am using Apple or Google store, I generally avoid downloading any random app. This is especially so on Android devices. And while people like the idea of being able to side load apps, I tend to avoid using this feature as well because I have no idea how clean is the apk in the first place when it is hosted somewhere other than the app provider.
 

Old Molases

Posts: 188   +38
What I find most facinating about these articles is the amount of people that just seem to download any app.

Why not go with a known and trusted vendor for something like this if you felt you need one.

Nope, let me just throw a dart at the screen and thats the AV app I'm going to use.
Very well said. How can people be so dumb that they opt for anything they come across without doing any homework.
 

Sausagemeat

Posts: 1,597   +1,422
Where are all the fools who want to force Apple to allow sideloading? Obviously the App Store and the play store won’t catch everything but you can almost guarantee that this sort of thing would shoot through the roof if lawyers prize open iOS to just anyone who wants to release some malware for it.
 
Here's a very unique fact about the Android OS that is largely unknown by a significant percentage of people that own Android-based mobile devices: since Android's birth in 2008, to date, there has never been a single confirmed case of an Android device becoming infected by a virus. (And no, the userspace "malware" that can negatively affect Android is not a virus, since it is incapable of infiltrating the system directory and infecting the core filesystem.) Anybody who would use an antivirus app on a device, that is incapable of being infected by a virus by default, probably deserves to have their account passwords compromised. Those responsible for the malicious code target naive people and those who are simply unknowledgeable with regard to viruses and OS security in general. Using antivirus on Android is highly akin to using an umbrella indoors -- sure, you can do it, but it looks ridiculous and accomplishes absolutely nothing.