BSN 4.18.2022 1

Dangerous Malware Disguised as Antivirus Software

BSN 4.18.2022 1


It is so easy to become complacent in our cybersecurity behaviors.  But Android users should be given a shake this week and alerted to malware that is being deployed unknowingly by users who think that they are downloading anti-virus apps via the Google Play store.  There were six different cases found to contain the Sharkbot malware in recent days.  Initially discovered in October of 2021, this banking trojan makes money transfers by stealing credentials and banking information.  

Sharkbot is a type of malware that provides what appears to be a legitimate application and login form, where then the users provide all necessary details and are immediately hacked and transferred to a hostile server. It can also deploy other malicious behaviors and tasks on a device in addition to stealing login credentials. An example of this might be intercepting your bank communications that are sent through SMS text messages. And it has the capacity to bypass multi-factor authentication that is in place.  It initiates money transfers via Automatic Transfer Systems, known as ATS, which is used to better authenticate user ids and flag suspicious money transfers.

Who is (Currently) Targeted?

While no one can avoid being a target of cybercrime, Android users – in fact, as many as 15,000 users were the ones that downloaded and installed one of the applications before they were removed.  Sharkbot malware has not been attacking every user but has been attacking a subset of these users, and by using geofence technology, they identify and avoid users from China, India, Ukraine, Belarus, and Russia.

Developer accounts from Zbynek, Adamcik Adelmio Pagnott, and Bingo Like Inc were the three that had six apps infected with the malware.  These included Powerful Cleaner, Atom Clean-Booster, Alpha Antivirus, and others.

While they have since been removed from the Google Play store, if you or any of your clients downloaded these prior to their removal, they should be uninstalled immediately.   What we learn from situations like this is that a strong cybersecurity posture is a war that does not end once a training course is taken, or a breach occurs.  The need for awareness, training and research into cybercrime tactics being used will never go away as long as we are using electronic devices to share and store our data.  Your service offering should include ongoing training and should always be an integral part of your client’s business process. 

badge w light burst white (1)
Exclusively for Our MSP Partners

Now Available: Gen AI Certification From BSN

Lead Strategic AI Conversations with Confidence

Breach Secure Now’s Generative AI Certification helps MSPs simplify the AI conversation, enabling clients to unlock the value of gen AI for their business, build trust, and drive growth – positioning you as a leader in the AI space.

More on blogs

What Is the AI Culture Assessment? A Smarter Starting Point for Responsible AI Adoption

AI is already showing up in the workplace, but many organizations lack visibility into how it is being used. The AI Culture Assessment helps MSPs

Phishing Tests Aren’t Enough: Why Remediation Is the Missing Link in Security Awareness

Phishing simulations show who clicks, but without follow-up, they rarely change behavior. Phishing remediation closes the gap by turning failures into learning opportunities, reinforcing training

Why Continuous Training Beats One-and-Done Cyber Awareness

Cyber threats evolve constantly, which means annual cybersecurity training is not enough to keep employees prepared. Learn how continuous training, phishing simulations, remediation, and short
Take the First Step

Experience Training That Makes a Difference

during the demo you’ll:

Take the First Step

Experience Training That Makes a Difference

During the demo you’ll: