- The Washington Times - Tuesday, March 9, 2021

Cybersecurity researchers said they discovered that hackers infected 10 apps in Google’s app store, enabling the attackers to gain full control over a victim’s phone and access to the victim’s financial credentials.

Google removed the apps from its Google Play Store after cybersecurity firm Check Point Research alerted the company that hackers were bypassing its security, according to the firm.

The cybersecurity researchers said they uncovered a dropper, a malicious program designed to deliver malware to a victim’s phone, spreading on Google’s app store. Check Point Research said it found the dropper, called Clast82, inside 10 utility apps that appeared to provide functions such as barcode scanning, screen recording and the use of virtual private networks.

“With a simple manipulation of readily available 3rd party resources — like a GitHub account, or a FireBase account — the hacker was able to leverage readily available resources to bypass Google Play Store’s protections,” said Aviran Hazum, Check Point Research manager of mobile research, in a statement. “The victims thought they were downloading an innocuous utility app from the official Android market, but what they were really getting was a dangerous trojan coming straight for their financial accounts.” 

Third-party vulnerabilities that lead to breaches of prominent cybersecurity defenses have gained much more attention in recent months, after the SolarWinds hack of computer network management software became public. Since the disclosure of the SolarWinds hack late last year, the U.S. federal government has said nine federal agencies were compromised by those hackers.

While there is no indication the hackers who used Clast82 share a connection with other hacks or nation-state-backed cyberattacks, Check Point Research noted that Clast82 was equipped with the capability of using the remote-access software TeamViewer to control the victims’ phones.  

Hackers using TeamViewer have also grabbed attention for dangerous hacks attempted in recent months. After a hacker was stopped from breaching the security of a Florida town’s water treatment plant, federal government agencies reviewing the hack said early information indicated software such as TeamViewer may have been leveraged by the bad actor.

Google did not respond to a request for comment.

• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
