Google Play Store malware apps, stealing your data – Sharkbot malware and a data harvesting code 

8th April 2022

Google Play Store malware apps, stealing your data – Sharkbot and a data harvesting code 

Sharkbot Malware

Anti-virus apps are a great way to protect your mobile, but the last thing you want is for them to make your device vulnerable to malware.  
Recently Google Play app store has taken down several fake anti-virus apps that were being used to spread malware to steal Android users' passwords, bank details and other private information instead of protecting them from cybercriminals. 

According to the research, 6 different apps with a total of 15,000 downloads were spreading a Sharkbot malware, designed to steal victims’ usernames and passwords. The malicious apps tricked their users into entering personal information in an overlayed window, sending the credentials back to the attackers. 
As of today, the apps have been removed from the Google Play store. However, they are still available on various third-party apps, continuing to steal users’ data. 

Measurement Systems’ data-harvesting code

A different batch of malicious apps has recently been taken down by Google after finding that they secretly harvested users’ data. This time, the range of apps from the QR scanners to prayer apps contained the same code that could collect a user's email, phone number and exact location.  
The code was discovered by two researchers from the University of Calgary and UC Berkeley, who described it as a type of malware. Researchers claim the code was made by Measurement Systems, a company that is allegedly linked to US security agencies.  
Measurement Systems reportedly paid developers to integrate their SDKs with the apps. In return, the developers, as well as being paid, would receive detailed information about their users. One of the app developers reported that they “were told” the code was collecting data on behalf of ISPs.  
Measurement Systems has denied all the allegations and told Wall Street Journal that “the allegations you make about the company’s activities are false. Further, we are not aware of any connections between our company and U.S. defence contractors...” 
After the research was published, Google removed these apps from its app store. The researchers noted that they were downloaded to at least 60 million devices and may still exist on millions of them. 

Get in touch with RiskXchange to find out how you can protect yourself from malware and better mitigate cyber risks.