The new investigation of the cybersecurity firm Check Point Research (CPR), a malware dropper has been spreading through nine malicious apps on the official Google Play store.
However, the analyst pronounced all the information regarding the dropper, it was dubbed Clast82, and it mainly uses a set of methods so that it can evade all kinds of detection by Google Play Protect detection.
The dropper initially completes the evaluation stage fortunately and later it changes from a non-malicious payload to the AlienBot Banker and MRAT.
The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices, this malware generally enables a remote threat actor to inject malicious code into authorized financial apps.
The threat actor obtains access to victims’ accounts and ultimately constrains their device. After taking full control over the device, the threat actor gains the capacity to control certain functions.
While the timeline that has been declared by the cybersecurity researchers are given below:-
The android apps that are affected were accounted for approximately 15000 installs, and here’s the list of affected apps mentioned below:-
In this evaluation period, the investigators found that the configuration sent from the Firebase C&C includes an “enable” parameter. However, this parameter was not true and will only turn to “true” when Google announced the Clast82 malware on Google Play.
This malware has a special ability to hide very well, as the payload abandoned by Clast82 does not start from Google Play. That’s why the scanning of applications before assent to review would not really stop the installation of the ill-disposed payload.
Cybersecurity experts have affirmed some tips to protect users, Harmony Mobile delivers complete protection for the mobile workforce by implementing a wide range of abilities that are simple to deploy, manage and scale.
This Harmony Mobile provides clear protection for all mobile vectors of offense, and it also includes the download of malicious applications along with malware embedded in them.
Apart from this, the analysts reported the malicious apps to Google on January 29, a day after its detection. And on February 9, Google had reinforced that the malware had been excluded from the Play Store.
Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost…
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…