A Malware dropper named “Clast82” has been found on a few of the Android apps. This dropper is custom-designed to deliver financial malware. The hackers remotely steal data from Android phones, and the malware is spreading from 8 banking apps from Google Play Store.
Android Malware Alert: Malware Dropper Clast82, fetches the AlienBot and MRAT Malware
Android Operating system has more users globally, as it allows so much to do. But, sometimes it becomes dangerous when it goes against privacy. The researchers have found few dangerous apps that can leak your data. This dropper is not traced by Google Play Protect.
Clast82 dropper installs AlienBot Banker, it is malware that can inject malicious code remotely to the legal financial apps. And it also installs MRAT and gets access to your mobile.
With the help of these two programs, the hacker can take over your phone and hack the banking apps. Even the two-factor authentication (2FA) codes will be entered and steal financial data.
The researchers explained, when a user downloads one of the apps, it starts a service from the MainActivity which starts a dropping flow called LoaderService.
The Researchers said,
“Upon taking control of a device, the attacker has the ability to control certain functions, just as if they were holding the device physically, like installing a new application on the device, or even control it with TeamViewer.”
Here is the list of eight apps that are available on the Google Play Store. These apps can steal your bank account and bypass the two-step authentication.
Check out the list and make sure you uninstall the app if you have any of them on your phone from the given list.
- Cake VPN (com.lazycoder.cakevpns)
- Pacific VPN (com.protectvpn.freeapp)
- eVPN (com.abcd.evpnfree)
- BeatPlayer (com.crrl.beatplayers)
- QR/Barcode Scanner MAX (com.bezrukd.qrcodebarcode)
- Music Player (com.revosleap.samplemusicplayers)
- tooltipnatorlibrary (com.mistergrizzlys.docscanpro)
- QRecorder (com.record.callvoicerecorder)