Another eight Android apps have been found to contain malicious code that steals users’ banking information and takes over their phones…
Security researchers over at Check Point have discovered yet another batch of mobile applications with nefarious missions. They not only contain a malware dropper called “Clast82,” which cleverly evades Google’s Play Protect service, but also includes a remote access Trojan so nasty it can fully take over victims’ phones to the point it acts as though hackers are personally holding the compromised devices.
These 8 Android Apps Steal Users’ Bank Account Information and Take Over their Phones
The infected apps deployed this particular dropper seems to prefer the AlienBot Malware-as-a-Service (MaaS). This allows attackers to remotely inject malicious code into legitimate financial applications on Android devices. Once infiltrated, hackers easy obtain access to victims’ accounts, and eventually completely controls their device. This represents one of the biggest threats because they’re presence wasn’t discovered until January 27th.
Fortunately, after being uncovered for what they actually do, security experts notified Google. The company immediately removed these apps from the Google Play Store. But, anyone who has already downloaded the programs should delete them right away:
- Cake VPN (com.lazycoder.cakevpns)
- Pacific VPN (com.protectvpn.freeapp)
- eVPN (com.abcd.evpnfree)
- BeatPlayer (com.crrl.beatplayers)
- QR/Barcode Scanner MAX (com.bezrukd.qrcodebarcode)
- Music Player (com.revosleap.samplemusicplayers)
- tooltipnatorlibrary (com.mistergrizzlys.docscanpro)
- QRecorder (com.record.callvoicerecorder)