The new investigation of the cybersecurity firm Check Point Research (CPR), a malware dropper has been spreading through nine malicious apps on the official Google Play store. Dubbed Clast82

The dropper initially completes the evaluation stage fortunately and later it changes from a non-malicious payload to the AlienBot Banker and MRAT.

AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices, this malware generally enables a remote threat actor to inject malicious code into authorized financial apps.

Affected apps

The android apps that are affected were accounted for approximately 15000 installs, and here’s the list of affected apps mentioned below:-

  • BeatPlayer
  • Cake VPN
  • Two versions of eVPN
  • QR/Barcode Scanner MAX
  • Music Player
  • Pacific VPN
  • QRecorder
  • tooltipnattorlibrary

Bypassing detection

This malware has a special ability to hide very well, as the payload abandoned by Clast82 does not start from Google Play. That’s why the scanning of applications before assent to review would not really stop the installation of the ill-disposed payload.

Experts’ recommendation

Harmony Mobile delivers complete protection for the mobile workforce by implementing a wide range of abilities that are simple to deploy, manage and scale.

This Harmony Mobile provides clear protection for all mobile vectors of offense, and it also includes the download of malicious applications along with malware embedded in them.