Describing the threat these malicious pieces of software pose, Check Point said: “The AlienBot malware family is a Malware-as-a-Service (MaaS) for Android devices that allows a remote attacker, at a first step, to inject malicious code into legitimate financial applications. The attacker obtains access to victims’ accounts, and eventually completely controls their device. Upon taking control of a device, the attacker has the ability to control certain functions just as if he was holding the device physically”.
The dangerous financial malware was found in harmless-looking apps such as Pacific VPN, Cake VPN, BeatPlayer, QRecorder and QR/Barcode Scanner Max.
The Android apps managed to get onto the Google Play Store after using various techniques to avoid detection by Google Play Store Protect.
Outlining the threat in a post online, Check Point said: “The actor used legitimate and known open sources android applications, which the actor added the malicious code into in order to provide functionality to the malicious dropper, along with the reason for the victim to download and install it from the official Google Play store. For instance, the malicious CakeVPN application is based on this GitHub repository.”