These Android apps can steal your banking information and take over your phone – BGR

Investigators released a serious warning to Android device owners on Tuesday, alerting them to the discovery of eight dangerous apps in the Google Play Store that could allow an attacker to take over a victim’s smartphone and empty their bank account.

That is according to Check Point Research, the cyber threat intelligence company, which said in its report on the discovery that it found the apps on January 27 and notified Google the next day. A month ago today, Google confirmed that the apps had been removed from the Play Store, but if you have any of them, you still have to remove them from your device yourself. So, what exactly happened here? Read on for the details, as well as the names of all eight Android apps identified.


The Check Point researchers explained that what they discovered is a malware dropper called “Clast82” that spread through the eight apps. The frightening thing about it is that the dropper could keep itself from being caught by Google Play Protect, and it also contains a remote access trojan so nasty that one of the researchers told Forbes it allows the attacker to “take full control of a victim’s phone, making it appear as if the hacker is physically holding the phone”.

According to Check Point’s findings, this particular dropper appears to favor the AlienBot Malware-as-a-Service (MaaS), which allows an attacker to remotely inject malicious code into legitimate financial applications on Android devices. “The attacker gains access to the victims’ accounts and ultimately has full control of their device,” the researchers explain. “When the attacker takes control of a device, he has the ability to operate certain functions, just as if he were physically holding the device, such as installing a new application on the device, or even controlling it with TeamViewer.”

The eight apps in question, along with their package names, are as follows, per Check Point Research:

  1. Cake VPN (com.lazycoder.cakevpns)
  2. Pacific VPN (com.protectvpn.freeapp)
  3. eVPN (com.abcd.evpnfree)
  4. BeatPlayer (com.crrl.beatplayers)
  5. QR / barcode scanner MAX (com.bezrukd.qrcodebarcode)
  6. Music player (com.revosleap.samplemusicplayers)
  7. tooltipnator library (com.mistergrizzlys.docscanpro)
  8. QRecorder (com.record.callvoicerecorder)

Again, you should absolutely delete these apps immediately if you find them on your device. It would probably also be a good idea to change passwords associated with your financial accounts as access to those passwords is one of the concerns here.
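To check a device or an inventory export for the eight packages listed above, the following added example (not from Check Point or the original article) parses the text produced by `adb shell pm list packages`, with or without `-f`, and reports exact matches. The sample output and the lookalike package name in it are constructed for illustration.

```python
# Package names of the eight apps, exactly as listed in the article.
CLAST82_PACKAGES = {
    "com.lazycoder.cakevpns": "Cake VPN",
    "com.protectvpn.freeapp": "Pacific VPN",
    "com.abcd.evpnfree": "eVPN",
    "com.crrl.beatplayers": "BeatPlayer",
    "com.bezrukd.qrcodebarcode": "QR / barcode scanner MAX",
    "com.revosleap.samplemusicplayers": "Music player",
    "com.mistergrizzlys.docscanpro": "tooltipnator library",
    "com.record.callvoicerecorder": "QRecorder",
}

def parse_pm_list(output):
    """Return the set of package names found in `pm list packages` output."""
    packages = set()
    for line in output.splitlines():          # also copes with \r\n from adb
        line = line.strip()
        if not line.startswith("package:"):
            continue                          # skip warnings and blank lines
        fields = line[len("package:"):].split()
        if not fields:
            continue
        # fields[0] is "name" or, with -f, "/path/base.apk=name". The path can
        # itself contain '=' (randomized directory names), so split on the last.
        packages.add(fields[0].rsplit("=", 1)[-1])
    return packages

def find_listed_apps(output):
    """Return sorted (package, app name) pairs for installed apps on the list.

    Matching is exact, so a package that merely shares a prefix is not flagged.
    """
    installed = parse_pm_list(output)
    return sorted((p, n) for p, n in CLAST82_PACKAGES.items() if p in installed)

# Constructed sample output mixing the plain, -f and uid-suffixed line formats.
SAMPLE_OUTPUT = """\
package:/system/app/Calculator/Calculator.apk=com.android.calculator2
package:/data/app/~~Qk3x9A==/com.abcd.evpnfree-Zt1wPg==/base.apk=com.abcd.evpnfree
package:com.record.callvoicerecorder uid:10231
package:com.abcd.evpnfree.example
"""

if __name__ == "__main__":
    for package, name in find_listed_apps(SAMPLE_OUTPUT):
        print(f"REMOVE: {name} ({package})")
```

A match only shows that a package with that name is installed; the apps were pulled from the Play Store, so removal on the device is still a manual step.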

While hackers can be quite smart and creative in how they hide the intentions and true nature of their apps, this is yet another reminder that you should always check the apps you are about to download and the identity of the developers behind them. This doesn’t seem to be a situation where the above apps were able to infect millions of devices before researchers discovered them – this time. But hackers who are truly committed will keep coming back undaunted until they score.


Andy is a Memphis reporter who also contributes to outlets like Fast Company and The Guardian. When not writing about technology, he is protective of his burgeoning vinyl collection, as well as his whovianism and binges on a variety of TV shows you probably don’t like.
