Security News > 2021 > March > Google Play Harbors Malware-Laced Apps Delivering Spy Trojans
A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers.
The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.
Google Play Protect is the store's evaluation mechanism, meant to weed out apps with ill intent and malicious functions.
"Based on the parameter's value, the malware will decide to trigger the malicious behavior or not. This parameter is set to 'false' and will only change to 'true' after Google has published the Clast82 malware on Google Play.".
"The actor used legitimate and known open-sourced Android applications, which the actor added the malicious code into in order to provide functionality to the malicious dropper, along with the reason for the victim to download and install it from the official Google Play store," the researchers explained.
After Check Point Research reported its findings to the Android Security team, Google confirmed that all Clast82 apps were removed from the Google Play Store.
News URL
https://threatpost.com/google-play-malware-spy-trojans/164601/
Related news
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)
- ‘Pig butchering’ trading apps found on Google Play, App Store (source)
- Over 200 malicious apps on Google Play downloaded millions of times (source)
- Fake Google Meet conference errors push infostealing malware (source)