Apps pretended to be antivirus solutions
According to a blog post by Check Point Research, 6 Android apps that appeared on the Google Play Store as genuine antivirus apps were seen acting as droppers for the Sharkbot malware. Sharkbot is an Android stealer used to infect devices and steal login credentials and payment details from users. Once a dropper app is installed, it can be used to download malicious payloads and infect users’ devices.
Malware designed for users in these countries
The Sharkbot malware used by these 6 fraudulent antivirus apps also has a geofencing feature, which is used to target users in specific regions. According to the team at Check Point Research, the Sharkbot malware is designed to identify users from China, India, Romania, Russia, Ukraine or Belarus. The malware can reportedly detect when it is being run in a sandbox and then stop executing to prevent analysis. Check Point Research looked at 6 apps during this period from 3 developer accounts: Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. The team also cites AppBrain’s data, which shows that the 6 apps were downloaded a total of 15,000 times before they were removed. Even after their removal from the Google Play Store, some apps from these developers are still present in third-party markets.
According to Check Point Research, 4 malicious apps were seen on February 25 and Google was informed about them on March 3. The apps were removed from the Play Store on March 9. Two more Sharkbot dropper apps followed on March 15 and March 22, both of which were reportedly removed on March 27. According to the team at Check Point Research, users should download and install apps only from the Google Play Store, the Apple App Store or another trusted and verified source. This helps maintain security.