Antivirus Apps on Google Play Store Are Infecting Devices With Banking Trojans

The Google Play Store is notorious for having a wide range of security flaws, and many of these flaws allow malicious actors to infect users with several different kinds of malware in spite of the fact that this is the case. Perhaps the most concerning incident that occurred was the discovery of a trojan by the name of SharkBotDropper which stole valuable banking information and financial data from the users that downloaded apps infected with them, as spotted by FoxIt.


This malware was primarily present in antivirus apps which makes it even more dangerous than might have been the case otherwise. Google managed to rid the Play Store of apps that had this trojan, but in spite of the fact that this is the case it seems that the trojan has come back with a vengeance once all has been said and is now out of the way. There are now two new antivirus apps that have this dangerous trojan, namely Mister Phone Cleaner which has been downloaded over 50,000 times and Kylhavy Mobile Security which has received over 10,000 downloads.

With all of that having been said and now out of the way, it is important to note that these apps can create fake log in pages that users might enter their account details into. Antivirus apps are popular because of the fact that this is the sort of thing that could potentially end up keeping people safe from cyber attacks, so the presence of such dangerous and threatening banking trojans can seriously compromise cybersecurity for Android users around the world.

Cybersecurity professionals have been playing hide and seek with this trojan since April, and they have not yet managed to make it a thing of the past. Google must also be held accountable for allowing such apps onto its store in the first place. Google clearly is not doing enough to ensure the safety of its users, and that is something that needs to change as soon as possible. Interestingly, users in China, India, Belarus, Romania, Russia and Ukraine are exempted from this trojan thanks to geofencing which suggests that the malicious actors may be in one of these regions.

Read next: Common Email Security Practices Called Into Question as 89% of Organizations Suffered Breaches In the Past Year
Previous Post Next Post