Check Point Research: nine Google Play Store apps contained malware droppers
The dropped malware allows full control over a victim's phone. The offending apps have since been removed from the app store.
By Liu Hongzuo
Image credit: Check Point.
Check Point, an Israeli cybersecurity firm, published their latest mobile malware findings in a blog post. The entry documented how the team discovered Google Play Store apps that left users vulnerable to smartphone malware that remotely controlled phones and had access to users' financial accounts.
On 27 January this year, Check Point discovered a malware 'dropper' called 'Clast82'. This dropper was included in nine apps available on Google Play. Because the dropper itself contained no malware and used a series of techniques to avoid detection, the app store could not pick up on the apps' malicious activities.
The nebulous, nefarious, no-good nine utility apps that had the Clast82 malware dropper. Source: Check Point.
Once installed, the Clast82 dropper would trigger a request to download malware payloads hosted on GitHub. Known examples are AlienBot Banker and MRAT, malware families that enable attacks on the financial apps on Android devices. If the phone blocks installation from unknown sources, the app keeps prompting the user every five seconds to grant that permission.
The malicious modus operandi of Clast82 and the resultant malware installed. Credit: Check Point.
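To make the behaviour above concrete from a defender's side, the following added example (not from Check Point's post) flags apps that prompt for unknown-source installs at a roughly five-second cadence and records whether they also fetched from GitHub. The log format, event names and package names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a hypothetical format: time, package, event, detail
SAMPLE_LOG = """\
2021-02-01T10:00:00 com.example.vpn net_fetch github.com
2021-02-01T10:00:03 com.example.vpn unknown_sources_prompt -
2021-02-01T10:00:08 com.example.vpn unknown_sources_prompt -
2021-02-01T10:00:13 com.example.vpn unknown_sources_prompt -
2021-02-01T10:00:18 com.example.vpn unknown_sources_prompt -
2021-02-01T10:01:00 com.example.files unknown_sources_prompt -
2021-02-01T10:09:30 com.example.files unknown_sources_prompt -
2021-02-01T10:10:00 com.example.notes net_fetch github.com
"""
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com"}

def parse(log):
    """Yield (timestamp, package, event, detail) from the constructed format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed lines
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]

def longest_periodic_run(times, period=5.0, tolerance=1.0):
    """Longest streak of prompts spaced about `period` seconds apart."""
    best = run = 1 if times else 0
    for prev, cur in zip(times, times[1:]):
        gap = (cur - prev).total_seconds()
        run = run + 1 if abs(gap - period) <= tolerance else 1
        best = max(best, run)
    return best

def flag_droppers(log, min_prompts=3):
    """Return suspects: packages that nag for install permission on a fixed timer."""
    prompts, fetched = defaultdict(list), set()
    for ts, pkg, event, detail in parse(log):
        if event == "unknown_sources_prompt":
            prompts[pkg].append(ts)
        elif event == "net_fetch" and detail in GITHUB_HOSTS:
            fetched.add(pkg)
    suspects = {}
    for pkg, times in prompts.items():
        n = longest_periodic_run(sorted(times))
        if n >= min_prompts:
            suspects[pkg] = {"prompts": n, "fetched_from_github": pkg in fetched}
    return suspects

if __name__ == "__main__":
    print(flag_droppers(SAMPLE_LOG))
```

A fetch from GitHub alone is not treated as suspicious here; only the timed prompt cadence flags an app, and the fetch is recorded as supporting context.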
The nine malicious utility apps were reported to Google on the following day (28 January), and Google eventually removed all Clast82 apps from the Play Store on 9 February 2021. If you have these apps installed, it would be wise to remove them ASAP, of course.
If you're interested in the dropper-then-malware combo's technicalities, don't forget to check out the original blog post here.
Source: Check Point Research