According to the security company Check Point, Google recently removed from the Play Store eight malicious Android apps designed to steal access to users’ bank accounts and take control of their phones.
The applications listed below passed Google Play’s security checks and reached thousands of users’ phones. According to Check Point, the apps did not look malicious when Google evaluated them, but as soon as users installed them they began communicating with GitHub to install predefined apps on the phone. GitHub is a code-sharing platform owned by Microsoft, where anyone can share software or other code.
Each of these malicious programs contains hidden code called a “dropper” that is designed to install additional software. The droppers download the AlienBot banking trojan from separate GitHub pages created for each application and install it on the user’s phone.
Once installed on the phone, AlienBot obtains the user’s bank password and takes control of two-factor authentication (2FA) methods so that the stolen passwords can be used effectively.
Things get worse: AlienBot is often able to install the Android version of TeamViewer on the phone as well. This program, which is legitimate and harmless in itself, allows hackers to control the smartphone remotely. By installing TeamViewer, the malware developer can access the victims’ bank accounts at any time.
Check Point said that it reported the malicious nature of these apps to Google on January 28 (February 9) and Google removed them from the Play Store on February 9 (February 21). However, you may still have one of these apps on your phone as you read this. So, without delay, go through the list below, identify any of these apps on your phone, and uninstall and delete them.
Below is a list of the names of these eight programs along with their unique identifiers (IDs). It is very important to pay attention to the identifiers, because Android apps may have similar or even identical names while coming from different developers and having nothing to do with each other.
– Cake VPN
– Music Player
– Pacific VPN
– QR / Barcode Scanner MAX
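
The point above about matching apps by identifier rather than by name, and about droppers installing further apps, can be checked from a computer with `adb`. The following is an added example, not code from Check Point or from the original article: the blocklist entries are placeholders (the list above gives names only), the sample output is constructed, and it assumes that an app installed by a dropper records the dropper's package as its installer.

```python
import re

PLAY_STORE = "com.android.vending"
# Placeholder IDs: the page lists app names only, so these are constructed
# stand-ins, not the real identifiers of the removed apps.
BLOCKLIST = {"com.example.placeholder.cakevpn", "com.example.placeholder.qrscanner"}

# Constructed sample of `adb shell pm list packages -3 -i` output
# (-3 = third-party apps only, -i = show the installer of each package).
SAMPLE = """\
package:com.example.placeholder.cakevpn  installer=com.android.vending
package:com.example.constructed.notes  installer=com.android.vending
package:com.example.constructed.remotetool  installer=com.example.placeholder.cakevpn
package:org.example.sideloaded  installer=null
"""

LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse(text):
    """Map package ID -> installer package ID, skipping unparseable lines."""
    installed = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            installed[m.group(1)] = m.group(2)
    return installed

def triage(text, blocklist=BLOCKLIST):
    """Return (package ID, reason) pairs that deserve a closer look."""
    findings = []
    for pkg, installer in sorted(parse(text).items()):
        if pkg in blocklist:
            findings.append((pkg, "package ID is on the blocklist"))
        elif installer in blocklist:
            findings.append((pkg, "installed by a blocklisted app"))
        elif installer != PLAY_STORE:
            findings.append((pkg, "not installed through the Play Store"))
    return findings

if __name__ == "__main__":
    for pkg, reason in triage(SAMPLE):
        print(f"{pkg}: {reason}")
```

The third reason is a prompt for manual review rather than a verdict, since apps from other stores or installed by the owner also show a non-Play installer.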