Cybersecurity researchers at Check Point have identified six different fraudulent anti-virus applications that have since been removed from the Google Play store. The applications are parading as tools that help to protect users from cybercrime, however, they actually deliver malware to steal passwords, bank details, and other personal information. The applications primarily target Android users, and were downloaded from the Google Play store by over 15,000 users who were seeking to protect their devices.
The applications leverage the Sharkbot Android malware, which is designed to steal sensitive information by luring its victims to enter their credentials in spoofed windows. When targets input their information, it is immediately sent back to the attackers. Attackers behind the campaign can then use the credentials to gain access to emails, social media, banking accounts, and more. The applications were able to bypass the Google Play store protections because the malicious behavior was not detected until the user had already downloaded the app.