Cybersecurity experts from Check Point Research reported the discovery of ten applications on Google Play with a new dangerous dropper – a Trojan for delivering malware to a victim’s smartphone.A dangerous Trojan found on Google Play lets check it.
These applications: Cake VPN, Pacific VPN, QR / Barcode Scanner MAX, Music Player, tooltipnatorlibrary, QRecorder, eVPN and BeatPlayer. The last two have met twice.
Through these applications, at the first stage, attackers could inject malicious code into financial applications on the device, and then gain access to accounts and full control over the device. Usually, the dropper, dubbed Clast82, installed the AlienBot Banker banking trojan on a smartphone, which allowed intercepting two-factor authentication codes for some banking applications.
At the same time, Clast82 used a number of methods to avoid detection by the Google Play Protect protection system, so applications could be freely available for a long time, attracting new users with a check mark for viruses.
On January 28, 2021, Check Point Research reported the threat to Google, and on February 9, all applications with Clast82 were removed from the Google Play store. If you still have any of them installed, then we strongly recommend that you remove them.