I say this often in these news sports, but there just doesn’t seem to be an end to the bad actors in the tech space. It takes constant work on the part of the tech giants, developers, and the app stores to stay a step ahead of the cybercriminals. There are constant warnings of apps, websites, and companies being attacked, and now eight more “dangerous” Android apps have been identified.
Check Point Warning
“Hackers always seem to be one step ahead of Play Store’s security measures,” explained Ekram Ahmed with cybersecurity firm Check Point Security. “We’re consistently finding that the Play Store struggles to fend off hackers from infiltrating their apps.” He told Forbes that it’s the simplicity of the latest malware “that’s the most dangerous aspect of this campaign.”
This new malware is being referred to as “Clast 82.” It can “install any malware on the device.” A mobile remote access trojan is included on Clast82 that can control devices where it’s installed. It’s often connected to the AlienBot banking malware. Check Point contends Clast 82 can take “full control over a victim’s phone – making it as if the hacker is holding the phone physically.”
Earlier this month, there was a warning about another Android app that still hasn’t been removed from the Play Store, but there are more. Check Point issued a warning a year ago about two malware variants.
Even back then, Check Point had said, “Malicious apps are still finding their way onto Google Play.” The cybersecurity firm’s Aviran Hazum had said,” Google is investing to battle malicious apps, but given the current state, it’s not enough.”
Clast82 “utilized third-party resources like FireBase and GitHub, alongside a ‘switch’ to turn on and off the malicious behavior. … Victims thought they were downloading an innocuous utility app from the official Android store, but what they were really getting was a dangerous trojan coming straight for their financial accounts.”
While Google has initiated efforts to keep the Play Store clean, again, bad actors are always a step ahead. With the recent dangerous Android apps, while Google was evaluating them, the “switch was off, and there was no contact with malicious payloads or execution of dynamically loaded payloads. But when the app was approved by Google, the threat actor flipped the switch and turned on all of the capabilities of Clast82.”
It’s hard to blame Google in this instance – it did what it needed to and assumably thought it was approving safe apps. “The payload dropped by Clast82 does not originate from Google Play, thus the scanning of applications before submission to review will not prevent the installation of the malicious payload,” said Check Point.
Delete These Dangerous Android Apps
This all comes at a time when Google is trying to clear its slate. It’s trying to repair its reputation by vowing to no longer collect individual user data, but at the same time, it has these dangerous Android apps on the Play Store.
Here’s what you can do: in lieu of Google not rejecting these apps, you can look over apps more carefully before downloading. Make sure you always check the app permissions. Know what you’re giving access to.
These are the eight apps that are deemed dangerous. If you have downloaded them, delete them immediately.
- Cake VPN (com.lazycoder.cakevpns)
- Pacific VPN (com.protectvpn.freeapp)
- eVPN (com.abcd.evpnfree)
- BeatPlayer (com.crrl.beatplayers)
- QR/Barcode Scanner MAX (com.bezrukd.qrcodebarcode)
- Music Player (com.revosleap.samplemusicplayers)
- tooltipnatorlibrary (com.mistergrizzlys.docscanpro)
- QRecorder (com.record.callvoicerecorder)
If you have these apps on your phone, Ahmed warns, “you risk having your financial credentials in the hands of dangerous people.” It just seems like there is no way to escape this. If you own technology, you just have to stay on your toes and always look in front of you.
Read on to learn how to tell if your Android has been infected by mining malware.
