Why these apps were dangerous
As per the report, these apps were distributing a banking trojan malware named Sharkbot and were able to manage at least 16,000 cumulative downloads. These apps were able to disguise themselves as phone cleaning and file management apps. The researchers even suggested that by impersonating utility apps, attackers hoped that users won’t get suspicious when these apps would ask for various permissions.
How does Sharkbot work
The report mentions that Sharkbot needs several permissions to control other apps and steal sensitive banking data. This malware takes control of legitimate banking apps and the trojan can steal login data whenever users sign into the app.
How these apps managed to bypass Google’s security
These apps were able to bypass Google’s security checks as they didn’t deliver the malware payload upon installation, the report notes. The trojan was later deployed when the attackers triggered an update for these apps.
Regions targetted by the malware
The report claims that most of the victims were people residing in the UK and Italy. However, the researchers also observed that the attackers were also targeting the bank accounts of users in Iran and Germany as well.
How to stay safe from these apps
Google has already removed these apps from the Play Store. However, some users still might have the apps downloaded on their devices which can be risky. Users who had these apps installed need to delete these apps and change their banking account passwords to mitigate any threat of cybercriminal activities posed by the apps.
You can install an Android antivirus app and keep the Play Protect service enabled to protect against such attacks.