Security News > 2021 > March > Google Play Harbors Malware-Laced Apps Delivering Spy Trojans

A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers.
The dropper, dubbed Clast82, was disguised in benign apps, which don't fetch a malicious payload until they have been vetted and cleared by Google Play Protect.
Google Play Protect is the store's evaluation mechanism, meant to weed out apps with ill intent and malicious functions.
"Based on the parameter's value, the malware will decide to trigger the malicious behavior or not. This parameter is set to 'false' and will only change to 'true' after Google has published the Clast82 malware on Google Play."
"The actor used legitimate and known open-sourced Android applications, which the actor added the malicious code into in order to provide functionality to the malicious dropper, along with the reason for the victim to download and install it from the official Google Play store," the researchers explained.
After Check Point Research reported its findings to the Android Security team, Google confirmed that all Clast82 apps were removed from the Google Play Store.
News URL
https://threatpost.com/google-play-malware-spy-trojans/164601/