Clast82 is the name given to the new malware discovered by Check Point in nine utility apps on the Google Play Store
Check Point Research, the Threat Intelligence division of Check Point Software Technologies Ltd., discovered a new dropper – a program designed to spread malware to a victim’s phone – within 9 utility apps on the Google Play Store. Dubbed “Clast82” by researchers, the dropper bypassed the store’s protections to activate a second malware that gave the hacker access to the victims’ financial accounts, as well as control of their smartphones.
Clast82 drops AlienBot Banker, a malware-as-a-service second-stage malware that targets financial apps by bypassing two-factor authentication codes for such services. At the same time, Clast82 is equipped with a mobile remote access trojan (MRAT) capable of controlling the device with TeamViewer, making the hacker the real owner without the victim’s knowledge.
Check Point outlined Clast82’s method of attack as follows:
Clast82 uses a number of techniques to evade Google Play Protect detection. In particular, Clast82:
For each app, the attacker has created a new developer user for the Google Play Store, along with a repository on the actor’s GitHub account, thus allowing different payloads to be distributed to devices that have been infected with each malicious app.
The hacker used legitimate and well-known open-source Android apps. Here is the list:
CPR communicated its findings to Google on January 28, 2021. On February 9, Google confirmed that all Clast82 apps had been removed from the Google Play Store.
Aviran Hazum, Check Point’s Manager of Mobile Research, said:
The hacker behind Clast82 was able to bypass Google Play’s protections using a creative, but worrying methodology. With a simple manipulation of easily found third-party resources – such as a GitHub account, or a FireBase account – the hacker was able to leverage available resources to bypass Google Play Store protections. The victims thought they were downloading a harmless utility app from the official Android store, but instead it was a dangerous Trojan targeting their financial accounts. The dropper’s ability to remain undetected demonstrates the importance of why a mobile security solution is needed. It is not enough to scan the app during analysis, as an attacker can, and will, change the behavior of the app using third-party tools.