A dangerous Trojan found on Google Play

Cybersecurity experts from Check Point Research reported the discovery of ten applications on Google Play with a new dangerous dropper – a Trojan for delivering malware to a victim’s smartphone.A dangerous Trojan found on Google Play lets check it.

These applications: Cake VPN, Pacific VPN, QR / Barcode Scanner MAX, Music Player, tooltipnatorlibrary, QRecorder, eVPN and BeatPlayer. The last two have met twice.

Read Also :- What is FileRepMalware virus and how to remove

Through these applications, at the first stage, attackers could inject malicious code into financial applications on the device, and then gain access to accounts and full control over the device. Usually, the dropper, dubbed Clast82, installed the AlienBot Banker banking trojan on a smartphone, which allowed intercepting two-factor authentication codes for some banking applications.

At the same time, Clast82 used a number of methods to avoid detection by the Google Play Protect protection system, so applications could be freely available for a long time, attracting new users with a check mark for viruses.

Experts found that the author of all these programs created a separate developer user for each application, but the same address was used everywhere as a mail for communication. [email protected]… In addition, the link to the privacy policy page also led to the same repository owned by the same subject.

On January 28, 2021, Check Point Research reported the threat to Google, and on February 9, all applications with Clast82 were removed from the Google Play store. If you still have any of them installed, then we strongly recommend that you remove them.

We will be happy to hear your thoughts

Leave a reply