Thursday, May 15, 2025
HomeMalwareMalware Dropper Found in 9 Malicious Android Apps on the Official Google...

Malware Dropper Found in 9 Malicious Android Apps on the Official Google Play store

Published on

SIEM as a Service

Follow Us on Google News

The new investigation of the cybersecurity firm Check Point Research (CPR), a malware dropper has been spreading through nine malicious apps on the official Google Play store.

However, the analyst pronounced all the information regarding the dropper, it was dubbed Clast82, and it mainly uses a set of methods so that it can evade all kinds of detection by Google Play Protect detection.

The dropper initially completes the evaluation stage fortunately and later it changes from a non-malicious payload to the AlienBot Banker and MRAT.

- Advertisement - Google News

The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices, this malware generally enables a remote threat actor to inject malicious code into authorized financial apps. 

Findings and the timeline

The threat actor obtains access to victims’ accounts and ultimately constrains their device. After taking full control over the device, the threat actor gains the capacity to control certain functions.

While the timeline that has been declared by the cybersecurity researchers are given below:-

  • January 27th: First  discovery
  • January 28th: Report to Google
  • February 9th: Google-authenticated that all Clast82 apps were eliminated from the Google Play Store.

Affected apps

The android apps that are affected were accounted for approximately 15000 installs, and here’s the list of affected apps mentioned below:-

  • BeatPlayer
  • Cake VPN
  • Two versions of eVPN
  • QR/Barcode Scanner MAX
  • Music Player
  • Pacific VPN
  • QRecorder
  • tooltipnattorlibrary

Bypassing detection

In this evaluation period, the investigators found that the configuration sent from the Firebase C&C includes an “enable” parameter. However, this parameter was not true and will only turn to “true” when Google announced the Clast82 malware on Google Play.

This malware has a special ability to hide very well, as the payload abandoned by Clast82 does not start from Google Play. That’s why the scanning of applications before assent to review would not really stop the installation of the ill-disposed payload. 

Experts’ recommendation

Cybersecurity experts have affirmed some tips to protect users, Harmony Mobile delivers complete protection for the mobile workforce by implementing a wide range of abilities that are simple to deploy, manage and scale. 

This Harmony Mobile provides clear protection for all mobile vectors of offense, and it also includes the download of malicious applications along with malware embedded in them.

Apart from this, the analysts reported the malicious apps to Google on January 29, a day after its detection. And on February 9, Google had reinforced that the malware had been excluded from the Play Store.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Coinbase Data Breach – Customers Personal Info, Government‑ID & Transaction Data Exposed

Coinbase, the largest cryptocurrency exchange in the United States, has disclosed a significant cybersecurity...

Inside Turla’s Uroboros Infrastructure and Tactics Revealed

In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed...

CISA Alerts on Five Active Zero-Day Windows Vulnerabilities Being Exploited

Cybersecurity professionals and network defenders, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has...

Intruder vs. Acunetix vs. Attaxion: Comparing Vulnerability Management Solutions

The vulnerability management market is projected to reach US$24.08 billion by 2030, with numerous...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Exploit Open Source Packages to Deploy Malware in Supply Chain Attacks

The Socket Threat Research Team has uncovered a surge in supply chain attacks where...

Xanthorox Emerging BlackHat AI Tool Empowering Hackers in Phishing and Malware Campaigns

Artificial intelligence platform named Xanthorox has emerged as a potent new tool for cybercriminals,...

Weaponized Google Calendar Invites Deliver Malicious Payload Using a Single Character

Security researchers have unearthed a sophisticated malware distribution method leveraging Google Calendar invites to...