These Antivirus Apps On Google Play Aren’t What They Seem With Sinister Malware On Board
Thanks to the researchers at CheckPoint Software Technologies Ltd., a security-focused development and research firm, we now know of six apps that claimed to be anti-virus or anti-malware utilities on the Google Play Store, that were carrying malicious payloads. including Sharkbot. The shady apps, downloaded approximately 15,000 times, are as follows.
-
Atom Clean-Booster, Antivirus
- Published by Zbynek Adamcik
- Antivirus, Super Cleaner
- Published by Zbynek Adamcik
- Alpha Antivirus, Cleaner
- Published by Adelmia Pagnotto
- Powerful Cleaner, Antivirus
- Published by Adelmio Pagnotto
- Center Security - Antivirus
- Published by Bingo Like Inc.
- Center Security - Antivirus
- Published by Bingo Like Inc.
This particular variation on the Sharkbot malware, according to ChekPoint, also includes a function known as a "Domain Generation Algorithm" or DGA. The purpose of DGA is to generate new domains for the app to communicate back to its command-and-control server, making it harder to track. According to CheckPoint, the DGA feature was generating seven new domains per week, or roughly one a day.
Another nasty thing about this particular malware, and sometimes the apps that package them, is a function called a "Dropper". A dropper is a method in which an app will claim to need an update, and push users to a shady website to get even more malware. Sometimes the malware will try this over existing banking apps, other times it will just throw itself on top of the starting app that installed the malware in the first place.
To protect yourself it is best to only install apps from a trusted source. If a publisher is new, double-check for another similar app, check reviews, and perform a web search for the app to see if anyone has reported trouble, as malware distributors often try to trick users into installing their apps by looking like a legitimate version. If you have concerns about an app being malware, you can also report via the Play Store. It is also worth noting that the latest security update to Android 12 does try to mitigate some of the features that the Sharkbot malware attempts to take advantage of, such as utilizing handicap assistance modes to bypass security layers. CheckPoint's full detailed research on the malware is available to read here.