BEWARE! 4 Fake Antivirus Apps On Google Play Store That Can Initiate Unauthorized Financial Transactions

With the emergence of malicious apps on Google’s Play Store, it is crucial to be suspicious of all new apps. Harmful programs may not show up in official app stores like Apple and Microsoft but still are present where they can propagate their malware.

If you are looking for a good antivirus app, then beware! There are 4 fake antivirus apps on the Google Play Store that can initiate unauthorized financial transactions.

BEWARE! 4 Fake Antivirus Apps On Google Play Store That Can Initiate Unauthorized Financial Transactions


SharkBot, an Android banking malware that masquerades as an antivirus software, has gotten through Google Play Store security safeguards.

According to a research by the National Cyber Security Center, the virus is part of a family of banking trojans that may steal credentials and use them to begin transactions on infected phones while avoiding multi-factor authentication. It was identified in three apps: UltData Recovery, Media Player HD, and Live Net TV, in November 2021.

Table of Contents

How It Works And Infects Devices

The malicious program works in the same way as a two-layer poison pill. The first layer poses as an antivirus, while the second is a less dangerous form of SharkBot that updates by downloading and installing the full version of the malware. Then it goes to work stealing money from victims’ bank accounts using numerous techniques.

The virus includes an automated transfer system (ATS), which enables attackers to auto-fill information in various mobile banking apps and initiate money transfers from infected Android smartphones. 

In other words, the technology fools the bank’s fraud detection features by simulating the exact sequence of activities consumers do to start money transfers, such as gestures, clicks, and button pushes.

The virus may launch a “overlay assault,” according to the research. When it detects that the program is running, it displays a page that appears like your bank, prompting you to enter your login information.

It may also turn on a keylogger, which sends whatever you enter to the criminal’s servers.

It can also intercept and conceal SMS messages! SharkBot may also block all incoming alerts and transmit messages that cybercriminals want. In technical terms, this means SharkBot may utilize a variety of methods to entirely take control your device.

Apps that have been impacted

Surprisingly, the infection was identified in an antivirus program called Super Cleaner.

It may also be found in other antivirus programs, such as:

  • Super Cleaner, Antivirus
  • Antivirus and a powerful cleaner
  • Cleaner, Alpha Antivirus
  • Antivirus, Atom Clean-Booster

How Do You Get Rid Of SharkBot From Your Phone?

If you’ve downloaded the phony antivirus “Super Cleaner,” uninstall it and consider wiping your phone completely.

As part of its anti-detection and anti-analysis methods, SharkBot contains an Anti-delete function that prevents victims from deleting infected apps. As a result, Android Police recommends that users who suspect or have downloaded the virus factory reset their phones to thoroughly remove the infection.

In addition, in tip #5 of our earlier post on whether data factory reset may remove viruses from Android phones, we recommend that consumers only download apps from trusted sites and that all software be updated and activated using only approved methods.

The revelation comes only a week after Cleafy researchers revealed information of a new TeaBot variation aimed to target users of over 300 banking applications in the Google Play Store.

The “trend micro download with serial number” is a fake antivirus app that can initiate unauthorized financial transactions on the Google Play Store. It has been given 4 stars by many users, but it is not recommended to use this app.

Related Tags

  • google play store policy update
  • trend micro
  • trend micro mobile security for android
  • how to spot fake apps
  • trend micro login