Google has removed from the Play Store a number of malicious applications disguised as antivirus
Google has removed at least six anti-virus programs after it was discovered that they were stealing passwords and other user data. Researchers from Check Point found that the program was downloaded a total of more than 15,000 times.
Malicious antivirus
Google has removed apps from the store following a notification from cybersecurity experts at Check Point. It turned out that by downloading “antivirus” software, users were actually downloading malicious Sharkbot software designed to intercept user data.
How the programs worked
As soon as the user enters the account name and password, the data is sent to the attacker’s server and used to try to access accounts in banking applications, social networks, e-mail services, etc.
Who has suffered the most from malicious applications
The majority of victims are in the UK and Italy. It is noteworthy that the software identifies and ignores users from China, India, Russia, Belarus, Ukraine and Romania.
How applications got into the Play Market
It is claimed that the programs were able to pass the Play Market test, because the malicious activity was not detected before downloading to the smartphone and communicating with the server. Infected Sharkbot programs were removed from the marketplace in March, although there is no guarantee that they will not be found in other stores.
It is known that just recently Google had to remove a number of other applications that probably passed information to third parties.