About a month on, we return to the Sharkbot banking malware, once again on the hunt for banking credentials and now with a particular focus on Italian users, while 11 applications are reported to have stolen the personal data of 60 million users.
The attacks on the security of users of Android, the most popular mobile operating system, do not seem to end: the platform was recently targeted both by an actual hacker attack and by a more than suspicious collection of sensitive data.
The first security threat, at the start of this weekend, was reported by researchers from the Israeli security firm Check Point, who found six fake antivirus applications in the Play Store (Atom clean booster, Alpha antivirus, Powerful cleaner, Super cleaner and, finally, a pair of apps both named “Center security”). The apps, perhaps written by Russian-speaking hackers, have been downloaded more than 11 thousand times.
According to experts, once they ended up on the victims’ devices (over 1,000, according to the unique IPs detected), these apps applied a geo-fencing mechanism: they discarded users from countries such as Russia, China, Ukraine, Belarus, Romania and India, and focused on Italy (62% of cases) and the United Kingdom (36%). At that point, through insistent notifications, they invited users to enter personal data, such as passwords and banking credentials, into forms managed by an Android stealer, the sadly (already) known Sharkbot virus. The data entered was sent to a remote command-and-control server, ending up in the hands of the hackers. Google, warned of the problem, has already removed the apps from its Play Store. In any case, Check Point advises users to stay alert, to report suspicious apps to Big G, and to turn only to known and reliable antivirus apps.
Another threat to the security of mobile users of the green robot was reported by AppCensus, a platform that analyzes how apps behave with regard to privacy. It has compiled a list of 11 applications, including Speed Camera Radar, Wi-Fi Mouse (remote control PC), Al-Moazin Lite (Prayer Times), Simple weather & clock widget, QR & Barcode Scanner, Smart Kit 360, Qibla Compass – Ramadan 2022, Handcent Next SMS-Text with MMS, Al Quran MP3 – 50 Reciters & Translation Audio, Audiosdroid Audio Studio DAW, Full Quran MP3 – 50+ Languages & Translation Audio.
These apps were reported to Google in October 2021 because, through an advertising SDK, they collected valuable sensitive information (email, telephone number, SIM serial number, IMEI code of the phone, references to the data connection, history of GPS positions), for which a company known as Measurement Systems has almost certainly paid a lot.
Google suspended these apps last March, then re-admitted them because, according to the company, they were no longer problematic. As a result, the audience of potential victims is currently estimated at 60 million users. Experts recommend that anyone who has installed these apps remove them manually and, for the same purposes (QR code scanners, weather forecast apps, Muslim prayer apps, etc.), look for equivalents with a better reputation.