
Google has removed a bunch of malicious VPNs from the Play Store


Google has removed nine malicious utility and VPN apps from the Play Store after Check Point Research found that they contained a malware dropper.

The cybersecurity firm recently discovered a new dropper spreading via the Google Play Store which it has dubbed Clast82. Unlike other malware droppers, Clast82 has the ability to avoid detection by Google Play Protect, successfully complete Google's evaluation period and change its payload to the AlienBot Banker and MRAT.

The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker to inject malicious code into legitimate financial apps. An attacker can obtain access to victims' accounts and even completely control their device just as if they were holding it physically.

While Cake VPN, Pacific VPN, eVPN, BeatPlayer, QR/Barcode Scanner MAX, Music Player, tooltipnatorlibrary, and Qrecorder have all now been removed from the Google Play Store, if you have any of these apps installed on your devices, you should delete them immediately.

Avoiding detection

During its investigation of the Clast82 dropper, Check Point uncovered the infrastructure used by the threat actor behind it to distribute and maintain the campaign.

For each application, the actor created a new developer user for the Google Play Store along with a repository on their GitHub account which allowed them to distribute different payloads to devices that were infected with each of the malicious apps.

The Clast82 dropper avoids detection during Google's evaluation period because the configuration sent from the Firebase C&C server that controls it contains an “enable” parameter. Based on the parameter's value, the malware “decides” whether or not to trigger its malicious behavior. The parameter is set to “false” and changes to “true” only after Google has published one of the threat actor's malicious apps on the Play Store.
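For analysts, the practical consequence is that a single review-time snapshot of an app's remote configuration shows nothing, while a comparison across time does. The following is an added example, not code from Check Point's report or from this article: it compares configuration snapshots captured for one app before and after publication and reports boolean switches that were off throughout review and turned on afterwards. Only the “enable” key and its false-to-true change come from the article; the other keys, the timestamps, the publication date and the function names are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample data: remote-config snapshots captured for one app during
# repeated dynamic analysis. Only the "enable" key and its false -> true change
# come from the article; everything else here is made up for the example.
SNAPSHOTS = [
    ("2021-01-10T09:00:00", '{"enable": false, "interval": 30, "theme": "dark"}'),
    ("2021-01-20T09:00:00", '{"enable": false, "interval": 30, "theme": "dark"}'),
    ("2021-02-02T09:00:00", '{"enable": true, "interval": 30, "theme": "light"}'),
]
PUBLISHED_AT = "2021-01-25T00:00:00"  # constructed store publication time


def normalize_bool(value):
    """Return True/False for JSON booleans and "true"/"false" strings, else None."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None


def find_post_publication_flips(snapshots, published_at):
    """Report boolean keys that were false in every pre-publication snapshot
    and first turned true in a snapshot taken after publication."""
    published = datetime.fromisoformat(published_at)
    before = {}       # key -> set of boolean values seen before publication
    reported = set()  # keys already reported, so each flip is listed once
    findings = []
    for ts, raw in sorted(snapshots):
        when = datetime.fromisoformat(ts)
        for key, value in json.loads(raw).items():
            flag = normalize_bool(value)
            if flag is None:
                continue  # not a boolean switch (numbers, free text, ...)
            if when < published:
                before.setdefault(key, set()).add(flag)
            elif flag and before.get(key) == {False} and key not in reported:
                reported.add(key)
                findings.append({"key": key, "flipped_at": ts})
    return findings


if __name__ == "__main__":
    for f in find_post_publication_flips(SNAPSHOTS, PUBLISHED_AT):
        print(f"review: '{f['key']}' switched on at {f['flipped_at']} (after publication)")
```

A flag that flips after publication is not proof of malice, since legitimate apps stage feature rollouts the same way; it marks the app as one whose behavior should be re-analyzed with the new configuration in place.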

To avoid falling victim to the AlienBot malware, Check Point recommends that users carefully scrutinize any app before downloading it and install an Android antivirus app on their smartphones.

Date

09 Mar 2021
