Check Point Research has discovered a new dropper, a program designed to spread malware on a victim's phone, within 9 utility apps on the Google Play Store. Nicknamed “Clast82”, the dropper bypassed the store's protections, activating malware that allowed a hacker to access victims' financial accounts and take control of their smartphones.
The malware it activates is a second-stage payload called AlienBot Banker, which targets financial apps by bypassing the two-factor authentication codes for such services. At the same time, Clast82 is equipped with a mobile remote access trojan (MRAT) capable of controlling the device with TeamViewer, making the hacker the real owner of the phone without the victim's knowledge.
The 9 apps used by the hacker, which are legitimate and open-source, are the following: Cake VPN, Pacific VPN, eVPN, QR / Barcode Scanner MAX, eVPN, Music Player, Tooltipnatorlibrary and QRecorder. Check Point Research promptly reported the findings to Google on January 28, and the Mountain View giant removed the apps from the Play Store on February 9.
Clast82 used a number of techniques to evade Google Play Protect detection. Specifically, the hacker changed the command-and-control configuration using Firebase, and then "disabled" the malicious behavior of Clast82 during Google's analysis.
The hacker also took advantage of GitHub as a third-party hosting platform from which to download the payload. For each app, the attacker created a new developer user for the Google Play Store, along with a repository on the actor's GitHub account, allowing the attacker to distribute different payloads to devices that were infected with each malicious app.
Aviran Hazum, Manager of Mobile Research at Check Point, said: “The victims thought they were downloading a harmless utility app from the official Android store, but instead it was a dangerous Trojan targeting their financial accounts. The dropper's ability to remain undetected demonstrates the importance of why a mobile security solution is needed. It is not enough to scan the app during analysis, as an attacker can, and will, change the behavior of the app using third-party tools.”