AlienBot was by far the most common to be delivered to victims. It was created for reconnaissance and information-gathering, and sports all of the typical spyware features, plus detection evasion, specific checks for antivirus, app and file deletion functionality, and more. MRAT meanwhile has been around since at least 2014, when it was used against Hong Kong protestors. “Upon taking control of a device, the attacker has the ability to control certain functions, just as if they were holding the device physically, like installing a new application on the device, or even control it with TeamViewer.” “The attacker obtains access to victims’ accounts, and eventually completely controls their device,” according to the firm’s analysis. Info-stealers AlienBot and MRATĪlienBot is available in a malware-as-a-service (MaaS) model, and it allows a remote attacker to inject malicious code into legitimate financial applications, Check Point noted. Once ensconced in the App Store, Clast82 fetches the AlienBot banking trojan, or in some cases MRAT, the investigation found. This parameter is set to ‘false’ and will only change to ‘true’ after Google has published the Clast82 malware on Google Play.” “Based on the parameter’s value, the malware will decide to trigger the malicious behavior or not. “During the Clast82 evaluation period on Google Play, the configuration sent from the Firebase contains an ‘enable’ parameter,” according to Check Point’s research, released on Tuesday. Google Play Protect is the store’s evaluation mechanism, meant to weed out apps with ill intent and malicious functions. The dropper, dubbed Clast82, was disguised in benign apps, which don’t fetch a malicious payload until they have been vetted and cleared by Google Play Protect. The malware is part of a campaign aimed at lifting victims’ financial information, but which also allows eventual takeover of mobile phones, according to Check Point Research. A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers.
0 kommentar(er)
