Google Removed These Android Apps After They Were Found to Threaten Banking Apps
Some Android apps can compromise your banking apps. You know how serious it is if someone gets hold of all your bank details. Google keeps an eye on these types of Android apps and has again removed 10 applications from the Play Store. According to Google, these apps brought financial trojans to users' Android devices. They are unsafe for anyone who uses a banking application on their device.
A blog post from Check Point Research (CPR) states that the Android applications appear to have been submitted by the same threat actor, who creates a new developer account for each banking app. These applications come with droppers, which download and install the AlienBot Banker and MRAT.
As per a blog post, CPR said, “This Dropper, dubbed Clast82, utilizes a series of techniques to avoid detection by Google Play Protect detection, completes the evaluation period successfully, and changes the payload dropped from a non-malicious payload to the AlienBot Banker and MRAT.”
“The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, at a first step, to inject malicious code into legitimate financial applications. The attacker obtains access to victims’ accounts, and eventually completely controls their devices. Upon taking control of a device, the attacker can control certain functions just as if he was holding the device physically, like installing a new application on the device, or even control it with TeamViewer,” they further wrote.
This dropper was found in some innocent-looking apps, including those listed below.
Android Apps List:
- Cake VPN
- Pacific VPN
- Scanner MAX
The website further claims, “After the malicious payload is successfully installed, the dropper app launches the payload downloaded. In the case of Clast82, we were able to identify over 100 unique payloads of the AlienBot, an Android MaaS Banker (Malware as a service) targeting financial applications and attempting to steal the credentials and 2FA codes for those applications.”