Cybercriminals are getting craftier by the week, managing to sneak dangerous malware into different places. Last week a QR code app was caught hiding the banking trojan TeaBot.
In a worrying trend, cybercriminals are becoming more effective in sneaking malware into official apps stores. Even though Apple’s App Store and the Google Play Store have strict guidelines, now and then, a malicious app slips through the cracks.
That just happened. An antivirus app was caught hiding malware, and it’s available for download in the Google Play Store. Keep reading for details on this malicious app and what you should do now.
Here’s the backstory
Security researchers from two companies found nasty malware hiding in the Google Play Store, embedded in an antivirus app called Antivirus, Super Cleaner. The app serves as a vehicle for the malicious SharkBot malware, which has devastating capabilities.
According to Cleafy and NCC Group, SharkBot malware is a banking trojan designed to automatically transfer funds from your account to the criminal’s account. This is done through Automatic Transfer Systems (ATS), which replicates button presses, clicks and touches.
But the most-used function in SharkBot is stealing banking login information, intercepting text messages and, on occasion, controlling your mobile phone.
What you can do about it
The offending application is no longer available on the Google Play Store, but some victims could still have it installed on their devices. Unfortunately, when an app is removed from the store, it doesn’t disappear from your phone, so you’ve got to uninstall it manually. Here’s how to do that:
- Ope the Google Play Store app on your device.
- Tap on your Profile icon in the top right.
- Tap Manage apps & devices, then Manage.
- Search for the Antivirus, Super Cleaner app by name or tap the app you want to uninstall.
- Tap Uninstall to remove it from your device.
While you can never be entirely sure that a downloaded app is free from malware, there are a few things that you can do to stay safe.
- An excellent way to establish authenticity is to read through an apps’ comments and reviews. Users are quick to alert others if the application isn’t what it appears to be.
- Only download applications from official app stores. While some malicious apps slip through, you dramatically reduce your chances of infection than when using third-party app stores.
- Have trusted antivirus software on all of your devices. We recommend our sponsor, TotalAV. Go to ProtectWithKim.com now to save 85% on total protection you can trust.
Update your Android now to fix a bug that blocks calling 911
Your Android has a hidden voice command menu – Here’s how to find it