Security News > 2021 > March > Google Play Harbors Malware-Laced Apps Delivering Spy Trojans

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers.

The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.

Google Play Protect is the store's evaluation mechanism, meant to weed out apps with ill intent and malicious functions.

"Based on the parameter's value, the malware will decide to trigger the malicious behavior or not. This parameter is set to 'false' and will only change to 'true' after Google has published the Clast82 malware on Google Play.".

"The actor used legitimate and known open-sourced Android applications, which the actor added the malicious code into in order to provide functionality to the malicious dropper, along with the reason for the victim to download and install it from the official Google Play store," the researchers explained.

After Check Point Research reported its findings to the Android Security team, Google confirmed that all Clast82 apps were removed from the Google Play Store.

News URL

https://threatpost.com/google-play-malware-spy-trojans/164601/