Check Point research: 9 Google Play Store apps contained malware droppers, Digital News

Check Point, an Israeli cybersecurity firm, published their latest mobile malware findings in a blog post. The entry documented how the team discovered Google Play Store apps that left users vulnerable to smartphone malware that remotely controlled phones and had access to users’ financial accounts.

On Jan 27 this year, Check Point discovered a malware ‘dropper’ called ‘Clast82’. This dropper was included in nine apps available on Google Play.

Because the dropper itself contained no malware and used a series of techniques to avoid detection, the app store could not pick up on the apps’ malicious activities.

[Image: The nebulous, nefarious, no-good nine utility apps that had the Clast82 malware dropper. Photo: Check Point]

Once installed, the Clast82 dropper would trigger a request to download malware payloads hosted on GitHub. Known examples are AlienBot Banker and MRAT, malware families that give attackers access to financial apps on Android devices.

If a phone with the dropper blocks installation from unknown sources, the app will keep prompting the user every five seconds for permission to allow it.

[Image: The malicious modus operandi of Clast82 and the resultant malware installed. Photo: Check Point]

The nine malicious utility apps were reported to Google on the following day (Jan 28), and Google eventually removed all Clast82 apps from the Play Store on Feb 9, 2021. If you have these apps installed, it would be wise to remove them ASAP, of course.

If you’re interested in the dropper-then-malware combo’s technicalities, don’t forget to check out the original Check Point blog post.

This article was first published in Hardware Zone.