Cybersecurity experts have revealed a new malware dropper contained in 9 Android apps circulated via Google Play Store that arranges a second stage malware able to gain invasive access to the financial accounts of victims as well as full control of their devices.

Check Point researchers Aviran Hazum, Bohdan Melnykov, and Israel Wernik said: “This dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the evaluation period successfully, and changes the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT.”

The apps that were used for the drive include Cake VPN, Pacific VPN, eVPN, BeatPlayer, QR/Barcode Scanner MAX, Music Player, tooltipnatorlibrary, and QRecorder. After the results were reported to Google on January 28, the rogue apps were eliminated from the Play Store on February 9.

Malware writers have used various approaches to sidestep app store examining mechanisms. Whether be it using encoding to conceal strings from analysis engines, generating rogue versions of genuine apps, or creating false reviews to bait users into downloading the apps, hoaxers have hit back at Google’s efforts to secure the platform by continually developing new methods to slip through the net.

Related articles

Method to overwrite and hijack the firmware of Tesla found
Miscellaneous

Method to overwrite and hijack the firmware of Tesla found

By CertX
Domain Names Used by Iran for Disinformation Seized by US
Miscellaneous

Domain Names Used by Iran for Disinformation Seized by US

By CertX
Huawei Hit by Fresh US Criminal Charges
Miscellaneous

Huawei Hit by Fresh US Criminal Charges

By CertX
Antivirus and Its Significance
Malware / Miscellaneous

Antivirus and Its Significance

By CertX
Any.Run sandbox detection added by Malware to avoid analysis
Malware

Any.Run sandbox detection added by Malware to avoid analysis

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *