Investigators on Tuesday issued a serious warning to Android device owners, warning them of the discovery of eight dangerous applications in the Google Play Store that could have allowed an attacker to take over a victim’s smartphone and exhaust your bank account.
That’s according to Check Point Research, which said in its report on the discovery that the cyber-threat intelligence firm found the apps on Jan. 27 and reported them to Google the next day. A month ago today, Google confirmed that they were removed from the Play Store, but you still need to remove any of them from your device, if you have any. So what exactly happened here? Read on for detailed information as well as the names of the eight identified Android apps.
Today’s offer 
Amazon finally has 6-layer KN95 masks made in the US. Price:$ 39.99 
Available on Amazon, BGR may receive a commission Available on Amazon BGR may receive a commission
Check Point researchers explained that what they discovered is a drop in malware, called “Clast82,” that spanned all eight applications. What’s scary is that the dropper was able to avoid being caught by Google Play Protect, and it also includes such a nasty remote access Trojan that one of the researchers said Forbes allows the attacker to take “total control of the victim’s phone, which causes the hacker to physically hold the phone.”
According to Check Point findings, this particular counter seems to prefer the AlienBot Malware-as-a-Service (MaaS), which allows an attacker to remotely inject malicious code into legitimate financial applications on Android devices. “The attacker gains access to the victims’ accounts and eventually completely controls their device, ”the investigators explain. “When you take control of a device, the attacker has the ability to control certain functions, such as physically holding the device, such as installing a new application on the device, or even controlling it with TeamViewer.” .
The eight applications in question, along with the package names, are as follows, according to Check Point Research:
- VPN Cake (com.lazycoder.cakevpns)
- Pacific VPN (com.protectvpn.freeapp)
- eVPN (com.abcd.evpnfree)
- BeatPlayer (com.crrl.beatplayers)
- QR / Barcode Scanner MAX (com.bezrukd.qrcodebarcode)
- Music player (com.revosleap.samplemusicplayers)
- tooltipnatorlibrary (com.mistergrizzlys.docscanpro)
- QRecorder (com.record.callvoicerecorder)
Again, you should remove absolutely any of these applications immediately if you find them on your device. It would probably also be a good idea to change any password associated with your financial accounts, as accessing it is one of the concerns.
While hackers can be very smart and creative to the degree that they will go into hiding the intentions and true nature of their applications, this is another opportunity to remind you that you should always review the applications that you are preparing for the download and the identity of the developers behind it. It doesn’t seem like a situation where previous apps could infect millions of devices before researchers noticed it, this time. But hackers who are really committed will keep coming back, without any fear, until they score.
Today’s offer Amazon finally has 6-layer KN95 masks made in the US. Price:$ 39.99 Available on Amazon, BGR may receive a commission Available on Amazon BGR may receive a commission
Andy is a reporter in Memphis who also contributes to outlets such as Fast Company and The Guardian. When he’s not writing about technology, he can be found crouching down with protection over his growing vinyl collection, in addition to taking care of his whovianism and indulging in various TV shows you probably don’t like.