An operating system as open as Android offers endless opportunities to do almost anything through applications. Sometimes, however, those opportunities come with dangers such as malware, as in the case of the Clast82 dropper, which was contained in some Android apps on the Google Play Store. In this article we explain which ones to avoid.
Google Play Store: the Android apps to avoid so as not to encounter the Clast82 malware
Before proceeding with the list of malicious applications, we explain why the Clast82 dropper should be avoided at all costs. According to the data collected by Check Point Research, it is a program designed to spread malware to an unfortunate user's phone through some utility apps on the Google Play Store in which it is embedded. It ended up in those apps because it bypassed the store's protections, and it did so in order to deliver a second piece of malware that gave the hacker access to the financial accounts of the users who came into contact with it, as well as control of the smartphone itself.
But how does it work? Clast82 is activated once the infected utility app has been downloaded, and it then communicates with the C&C server to receive its configuration. Once that is done, it downloads the payload specified in that configuration and installs it on the Android device (in this case, the AlienBot Banker). Finally, it gains access to the victim's financial credentials and proceeds to take control of the entire device. Clast82 uses Firebase (from Google) for C&C and GitHub to download the payload.
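The chain described above (configuration from Firebase, payload from GitHub, then an install request) can be looked for in per-app device telemetry. The following is an added example, not code from Check Point or from the original article; the event format, host suffixes, time window and the `com.example.*` names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical format): time, app, event kind, detail
SAMPLE_EVENTS = """\
2024-01-01T10:00:05 com.abcd.evpnfree net example-project.firebaseio.com
2024-01-01T10:00:09 com.abcd.evpnfree net raw.githubusercontent.com
2024-01-01T10:00:31 com.abcd.evpnfree install_request com.example.payload
2024-01-01T10:02:00 com.example.notes net example-notes.firebaseio.com
2024-01-01T10:05:00 com.example.browser net github.com
2024-01-01T11:30:00 com.example.browser install_request com.example.other
"""

FIREBASE_SUFFIXES = (".firebaseio.com", ".firebaseapp.com")
GITHUB_HOSTS = {"github.com", "raw.githubusercontent.com"}
STAGES = ["config", "download", "install"]  # order the article describes
WINDOW = timedelta(minutes=10)              # assumed correlation window


def classify(kind, detail):
    """Map a raw event to one stage of the dropper chain, or None."""
    if kind == "net" and detail.endswith(FIREBASE_SUFFIXES):
        return "config"
    if kind == "net" and detail in GITHUB_HOSTS:
        return "download"
    if kind == "install_request":
        return "install"
    return None


def find_dropper_chains(log_text, window=WINDOW):
    """Return (app, requested_package) for apps that complete all stages in order."""
    progress = {}  # app -> (index of next expected stage, time the chain started)
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, app, kind, detail = line.split()
        when = datetime.fromisoformat(ts)
        step = classify(kind, detail)
        if step is None:
            continue
        idx, start = progress.get(app, (0, None))
        if idx and when - start > window:
            idx, start = 0, None  # chain went stale, start over
        if step == STAGES[idx]:
            start = when if idx == 0 else start
            idx += 1
        if idx == len(STAGES):
            flagged.append((app, detail))  # detail is the package being installed
            idx, start = 0, None
        progress[app] = (idx, start)
    return flagged
```

Legitimate apps also talk to Firebase and GitHub, so a hit is a lead for manual review of what the app tried to install, not a verdict.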
Apps containing Clast82
Below are the applications the hacker used to carry Clast82. It must be said that these apps were all legitimate and known.
- Cake VPN
- Pacific VPN
- QR / Barcode Scanner MAX
- eVPN (com.abcd.evpnfree)
- Music Player
Here are the words of Aviran Hazum, Check Point's Mobile Research Manager: "The hacker behind Clast82 was able to circumvent Google Play's protections using a creative but worrying methodology. With a simple manipulation of easily found third-party resources – such as a GitHub account, or a FireBase account – the hacker was able to leverage available resources to bypass Google Play Store protections. The victims thought they were downloading a harmless utility app from the official Android store, but instead it was a dangerous Trojan targeting their financial accounts. The dropper's ability to remain undetected demonstrates the importance of why a mobile security solution is needed. It is not enough to scan the app during the analysis, as an attacker can, and will, change the behavior of the app using third-party tools".