Despite continued efforts on the part of Google, its app store is still being abused for the distribution of malicious applications. Apparently, Google Play’s security measures are not enough anymore. The app store has hosted infected apps before, and unfortunately, it’s doing so again with a familiar infiltrator – Sharkbot.
This notorious Android banking trojan has managed to bypass Google’s security and spread across the Play Store’s library in the past. Now, it’s making another appearance, disguising itself as antivirus and cleaner apps with thousands of downloads.
Such applications are very popular, especially among those who like to keep their mobile device healthy. This makes them the perfect opportunity for cybercriminals to strike. What is this attack all about, and which applications are being used? Find out below.
Sharkbot Swims Back to Google Play Store
As we mentioned, this isn’t the first time Google Play Store has been found distributing applications that host malware. A while back, Play Store had around 17 applications spreading DAWDROPPER.
This time around, the campaign isn’t as big, but it’s just as dangerous, as Sharkbot can do a lot of damage regardless of the number of applications.
The infiltration sees only two apps spreading the malware. However, judging by the number of downloads, this will definitely have an impact.
The malware is masquerading as an antivirus tool as well as a cleaner app. Such applications are very popular among Android users, as their devices are very susceptible to malware breaches.
The two malicious applications are “Mister Phone Cleaner” and “Kylhavy Mobile Security,” which have collectively amassed over 60,000 installations.
The entire incident was explained by NCC Group’s Fox-IT. In their statement, they said the following:
“This new dropper doesn’t rely on Accessibility permissions to automatically perform the installation of the dropper Sharkbot malware.
Instead, this new version asks the victim to install the malware as a fake update for the antivirus to stay protected against threats.”
Luckily, Google Play has removed the applications from its library. However, the risk is still there for those who have already installed them. If that’s the case, they’re advised to remove them immediately.
They should also scan their device for any lurking malware using a reputable antivirus tool. That way, at least, they’ll know that their device is completely clean.
Sharkbot Version 2.25 – New and More Malicious
Targeting users by spreading malware on Google Play has become a very popular tactic among cybercriminals.
Unfortunately, the researchers predict that the attackers are focusing on developing the dropper for use in future malicious campaigns.
Whenever you want to download an application, make sure to give the reviews a quick read. Other users’ past experiences with it might save you a lot of trouble.