A DANGEROUS TROJAN FOUND ON GOOGLE PLAY

Cybersecurity experts from Check Point Research reported the discovery of ten applications on Google Play with a new dangerous dropper – a Trojan for delivering malware to a victim’s smartphone.A dangerous Trojan found on Google Play lets check it.

These applications: Cake VPN, Pacific VPN, QR / Barcode Scanner MAX, Music Player, tooltipnatorlibrary, QRecorder, eVPN and BeatPlayer. The last two have met twice.

Read Also :- What is FileRepMalware virus and how to remove

Through these applications, at the first stage, attackers could inject malicious code into financial applications on the device, and then gain access to accounts and full control over the device. Usually, the dropper, dubbed Clast82, installed the AlienBot Banker banking trojan on a smartphone, which allowed intercepting two-factor authentication codes for some banking applications.

At the same time, Clast82 used a number of methods to avoid detection by the Google Play Protect protection system, so applications could be freely available for a long time, attracting new users with a check mark for viruses.

Experts found that the author of all these programs created a separate developer user for each application, but the same address was used everywhere as a mail for communication. [email protected]… In addition, the link to the privacy policy page also led to the same repository owned by the same subject.

On January 28, 2021, Check Point Research reported the threat to Google, and on February 9, all applications with Clast82 were removed from the Google Play store. If you still have any of them installed, then we strongly recommend that you remove them.

Cybersecurity experts from Check Point Research reported the discovery of ten applications on Google Play with a new dangerous dropper – a Trojan for delivering malware to a victim’s smartphone.A dangerous Trojan found on Google Play lets check it.

These applications: Cake VPN, Pacific VPN, QR / Barcode Scanner MAX, Music Player, tooltipnatorlibrary, QRecorder, eVPN and BeatPlayer. The last two have met twice.

Read Also :- What is FileRepMalware virus and how to remove

Through these applications, at the first stage, attackers could inject malicious code into financial applications on the device, and then gain access to accounts and full control over the device. Usually, the dropper, dubbed Clast82, installed the AlienBot Banker banking trojan on a smartphone, which allowed intercepting two-factor authentication codes for some banking applications.

At the same time, Clast82 used a number of methods to avoid detection by the Google Play Protect protection system, so applications could be freely available for a long time, attracting new users with a check mark for viruses.

Experts found that the author of all these programs created a separate developer user for each application, but the same address was used everywhere as a mail for communication. [email protected]… In addition, the link to the privacy policy page also led to the same repository owned by the same subject.

On January 28, 2021, Check Point Research reported the threat to Google, and on February 9, all applications with Clast82 were removed from the Google Play store. If you still have any of them installed, then we strongly recommend that you remove them.

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

TOP 11. BEST PROCESSORS FOR GAMING 2022

The 10th Gen Intel Core processors were introduced to compete with the Ryzen 3000. What have we got? New socket and old workflow. In...

How to test Windows 11 without installing anything

It's been two months since Microsoft released Windows 11. If you join the Windows Insider Program, you can download the free Windows 11 upgrade...

Windows 10 Insider Program

Actually, the Insider Preview program allows you to test pre-build Windows 10 & 11. Previously, Microsoft gave me a digital license for beta testing. But...