Ten applications that were used to distribute a banking Trojan detected in the Play Store
Researchers at the information security company Check Point Research have found ten Android applications in the Play Store digital content store that contain the Clast82 dropper Trojan used to distribute the banking Trojan AlienBot and more malware. According to the available data, all detected malicious applications have already been removed from the Google platform.
The source says that the dropper was disguised as legitimate products for the Android software platform by cybercriminals. All problematic applications were utility utilities such as Cake VPN, Pacific VPN, BeatPlayer, QR / Barcode Scanner MAX, recorder, etc. The functionality of the utilities was taken from legitimate, open source Android applications by the attackers.
It is reported that standard Google verification tools did not detect these applications’ suspicious activity. The Firebase cloud service was used for remote malware management, and banking trojans were downloaded from GitHub’s repositories.
It is also noted that the dropper could independently determine when to activate malicious functions and when it is not necessary to do so, so as not to be detected. The researchers note that usually malicious functions were deactivated while the application was being tested, and after being published on the Play Store, they were automatically turned on. About downloadable malware, mRAT was used by cybercriminals to gain remote access to infected devices. Simultaneously, AlienBot allowed malicious code to be injected into legitimate banking applications installed on victims’ devices.
