New Delhi: Security research firm Check Point in its research has discovered a new dropper being spread via 9 malicious Android apps on the official Google Play store.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The malware family allows the attacker to obtain access to victims’ financial accounts and take full control of their mobile phone. Google has meanwhile removed the apps from the Play store after being notified by Check Point Software.


"The dropper, dubbed Clast82, has the ability to avoid detection by Google Play Protect, complete the evaluation period successfully, and change the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT," the Check Point blog said.


Here are the apps as found by Check Point (Name and Package_name)


  1. Cake VPN: com.lazycoder.cakevpns
     
  2. Pacific VPN: com.protectvpn.freeapp
     
  3. eVPN: com.abcd.evpnfree
     
  4. BeatPlayer: com.crrl.beatplayers
     
  5. QR/Barcode Scanner MAX: com.bezrukd.qrcodebarcode
     
  6. eVPN: com.abcd.evpnfree
     
  7. Music Player: com.revosleap.samplemusicplayers
     
  8. tooltipnatorlibrary: com.mistergrizzlys.docscanpro
     
  9. QRecorder: com.record.callvoicerecorder

After Check Point Research reported its findings to the Android Security team, Google confirmed that all Clast82 apps were removed from the Google Play Store, the security research firm mentioned in its blog.