Researchers on Tuesday published a serious warning for Android device owners, alerting them to the discovery of eight dangerous apps on the Google Play Store that could have allowed an attacker to take control of the victim’s smartphone and drain his bank account.
This is according to Check Point Research, which said in its report on the discovery that the cyber threat intelligence company actually found the applications on January 27 and notified Google about them the next day. Today, a month ago, Google confirmed that they have been removed from the Play Store – but you still need to remove them from your device, if you have them. So, what exactly happened here? Read the details, as well as the names of all eight Android apps identified.
Best deal of the day 
Amazon buyers are obsessed with AccuMed black masks – now with the lowest price ever! Price:$ 19.99 
Available on Amazon, BGR can receive a commission Available on Amazon BGR you can receive a commission
Check Point researchers explained that what they found is a malware dropper, called “Clast82”, that was spreading through the eight applications. What is scary is that the dropper was able to avoid being captured by Google Play Protect, and it also includes a remote access Trojan so nasty that one of the researchers said Forbes allows the attacker to “have complete control over the victim’s phone – making the hacker physically hold the phone”.
According to Check Point’s findings, this particular dropper appears to prefer AlienBot Malware-as-a-Service (MaaS), which allows an attacker to remotely inject malicious code into legitimate financial applications on Android devices. “The attacker gains access to the victims’ accounts and eventually completely controls their device,” explain the researchers. “By taking control of a device, the attacker has the ability to control certain functions, as if he were physically holding the device, like installing a new application on the device, or even controlling it with TeamViewer.”
The eight applications in question, along with their package names, are as follows, according to Check Point Research:
- Cake VPN (com.lazycoder.cakevpns)
- Pacific VPN (com.protectvpn.freeapp)
- eVPN (com.abcd.evpnfree)
- BeatPlayer (com.crrl.beatplayers)
- QR / Barcode Scanner MAX (com.bezrukd.qrcodebarcode)
- Music player (com.revosleap.samplemusicplayers)
- tooltipnatorlibrary (com.mistergrizzlys.docscanpro)
- QRecorder (com.record.callvoicerecorder)
Again, you must absolutely delete any of these applications immediately if you find them on your device. It would probably also be a good idea to change all passwords associated with your financial accounts, as accessing them is one of the concerns here.
While hackers can be very smart and creative in that they will hide the intentions and the true nature of your apps, this is another opportunity to remember that you should always double check the apps you’re preparing to download and identity of the developers behind them. There does not seem to be a situation where the applications above were able to infect millions of devices before researchers discovered them – this time. But hackers who are really compromised will keep coming back, fearless, until they book.
Best deal of the day Amazon buyers are obsessed with AccuMed black masks – now with the lowest price ever! Price:$ 19.99 Available on Amazon, BGR can receive a commission Available on Amazon BGR you can receive a commission
Andy is a reporter in Memphis who also contributes to vehicles like Fast Company and The Guardian. When he’s not writing about technology, he can be found perched protectively on his growing vinyl collection, as well as nurturing his Whovianism and devouring a variety of TV shows that you probably don’t like.