Android antivirus apps caught spreading their own malware

News
By published

Six fake antivirus apps have been removed from the Play Store

Android
(Image credit: Google)

Google has removed a number of fake Android antivirus apps from the Play Store after it was discovered they were being used as a vehicle for malware distribution.

According to cybersecurity experts from Check Point Research, the company responsible for the discovery, at least half a dozen antivirus apps available on the official Android marketplace were being used to spread banking malware. 

The apps in question are called:

  • Atom Clean-Booster, Antivirus
  • Antivirus, Super Cleaner
  • Alpha Antivirus, Cleaner
  • Powerful Cleaner, Antivirus
  • Center Security - Antivirus (two versions)

These malicious apps were carrying Sharkbot, a malware strain that steals passwords and banking information. It shares push notifications and offers up fake login prompts, through which users share their credentials with the attackers. 

Although all have since been removed from the Play Store, Check Point says they still remain active in unofficial markets. Android users who had downloaded the apps before they were removed are advised to uninstall them immediately.

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window <<

Sparing Russians and the Chinese

In a single week of analysis, more than 1,000 unique infected endpoints were identified, with the number growing by roughly 100 every day. Google Play Store figures show the malicious apps were downloaded roughly 11,000 times in total.

The threat actor’s identity remains unknown, although the researchers say they have reason to believe they are of Russian origin. The malware comes with geo-fencing features, ignoring devices in China, India, Romania, Russia, Ukraine, and Belarus. Most of the victims are located in the UK and Italy. 

The developer accounts that uploaded the apps were Zbynek Adamcik, Adelmio Pagnotto and Bingo Like Inc. Of the three accounts, two have been active since the autumn of 2021. 

Read more

> That Android antivirus could actually be malware

> Hundreds of thousands of Android users infected by banking malware hosted on Play Store

> This dangerous Android banking trojan is now available online for anyone to use

Simply downloading the app won’t be enough for the threat actors to launch a full-blown attack, however. The victim still needs to grant the app permissions for accessibility services, which is something the app will try and trick the victim into doing.

After the app is granted the permissions, it will take over most of the smartphone’s functions and will be able to operate freely.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
An Android phone being held in the hand
These malicious Android apps were installed over 60 million times - here's how to stay safe
mobile phone
Popular Android financial help app is actually dangerous malware
Google Pixel 7 Pro hands on front Hazel
The best Android antivirus apps for 2025
In this photo illustration a Google Play logo seen displayed on a smartphone.
Over 2 million risky Android apps were blocked from the Play Store last year
Android phone malware
This nasty Android malware is posing as the Telegram Premium app
Malware worm
Coordinated global mobile malware campaign targets banking apps and cryptocurrency platforms
Latest in Security
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Image depicting a hand on a scanner
Hackers are targeting unpatched ServiceNow instances that exploit 3 separate year-old vulnerabilities
ransomware avast
Ransomware attacks are costing Government offices a month of downtime on average
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Latest in News
Seth Milchick and Kier Eagan&#039;s animatronic speaking in Severance season 2 episode 10
Apple TV+ announces Severance has been renewed for season 3 after that devastating finale
Apple&#039;s Craig Federighi presenting customization options in iOS 18 at the Worldwide Developers Conference (WWDC) 2024.
iOS 19: new features, a new design, and everything you need to know
Spotify&#039;s new Concerts Near You playlist feature showing a list of songs by local touring artists
Spotify has launched a new Concerts Near You playlist, making it easier for you to see if your favorite artists are performing in your area
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
The new Dr. Squatch Call of Duty collection.
Latest Call of Duty collaboration finally lets you rub your body with Soap - and I can't believe I just wrote that
Samsung S95D with peacock feather on screen
Samsung says an OLED-beating new screen tech could come sooner than we thought – but I wouldn't expect it in 4K TVs right away
More about security
An image of network security icons for a network encircling a digital blue earth.

US government warns agencies to make sure their backups are safe from NAKIVO security issue
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol

Veeam urges users to patch security issues which could allow backup hacks
A person in a wheelchair working at a computer.

Here’s a free way to find long lost relatives and friends
See more latest
Most Popular
Apple&#039;s Craig Federighi presenting customization options in iOS 18 at the Worldwide Developers Conference (WWDC) 2024.
iOS 19: new features, a new design, and everything you need to know
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
A person working on a laptop outside.
HP's new built-in eSIM lets you stay connected to the internet, even without Wi-Fi
A pair of Lenovo Legion Go S models on a desk
Finally, the more powerful Lenovo Legion Go S model has a release date - but the price is a gut punch
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
SluTune Q1 Bluetooth speaker
I love this super-slim, sleep-friendly Bluetooth speaker – but the name's a nightmare
Samsung S95D with peacock feather on screen
Samsung says an OLED-beating new screen tech could come sooner than we thought – but I wouldn't expect it in 4K TVs right away
Google AI
A powerful new AI tool is coming to Chromebooks to vastly increase productivity
A close up of Gemma Scout in Severance&#039;s season 2 finale
'They only told me': Severance actor Dichen Lachman reveals how long she's known about Cold Harbor's true purpose in the Apple TV+ show
Seth Milchick and Kier Eagan&#039;s animatronic speaking in Severance season 2 episode 10
Apple TV+ announces Severance has been renewed for season 3 after that devastating finale