Researchers on Tuesday published a serious warning for Android device owners, alerting them to the discovery of eight dangerous apps in the Google Play Store that could have allowed an attacker to take over a victim’s smartphone as well as drain their bank account.
That’s according to Check Point Research, which said in its report about the discovery that the cyber threat intelligence firm actually found the apps back on January 27 and notified Google about them the next day. One month ago today, Google confirmed that they’d been removed from the Play Store — but you still need to remove any of these from your device yourself, if you have them. So, what exactly happened here? Read on for the details, as well as the names of all eight of the identified Android apps.
The Check Point researchers explained that what they discovered is a malware dropper, called “Clast82,” which was spreading via the eight apps. What’s scary about it is that the dropper was able to avoid being caught by Google Play Protect, and it also includes a remote access trojan so nasty that one of the researchers told Forbes it lets the attacker take “full control over a victim’s phone — making it as if the hacker is holding the phone physically.”
According to the Check Point findings, this particular dropper seems to prefer the AlienBot Malware-as-a-Service (MaaS), which lets an attacker remotely inject malicious code into legitimate financial applications on Android devices. “The attacker obtains access to victims’ accounts, and eventually completely controls their device,” the researchers explain. “Upon taking control of a device, the attacker has the ability to control certain functions, just as if they were holding the device physically, like installing a new application on the device, or even control it with TeamViewer.”
The eight apps in question, along with their package names, are as follows, per Check Point Research:
- Cake VPN (com.lazycoder.cakevpns)
- Pacific VPN (com.protectvpn.freeapp)
- eVPN (com.abcd.evpnfree)
- BeatPlayer (com.crrl.beatplayers)
- QR/Barcode Scanner MAX (com.bezrukd.qrcodebarcode)
- Music Player (com.revosleap.samplemusicplayers)
- tooltipnatorlibrary (com.mistergrizzlys.docscanpro)
- QRecorder (com.record.callvoicerecorder)
Again, you should absolutely delete any of these apps immediately if you find them on your device. It would probably also be a good idea to change any passwords associated with your financial accounts, too, since accessing those is one of the worries here.
While hackers can be quite clever and creative in the degree to which they’ll go to hide the intentions and true nature of their apps, this is yet another opportunity to be reminded that you should always double-check the apps you’re preparing to download and the identity of the developers behind them. It doesn’t appear to be a situation where the apps above were able to infect millions of devices before researchers caught on to them — this time. But hackers who are truly committed will keep coming back, undaunted, until they score.
Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.
For all the Latest Technology News Click here
For Latest News & Update please Follow us on Google News
Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you
