AlienBot Malware
The AlienBot Malware is a hacking tool whose original authors are renting it out to like-minded cybercriminals. The primary purpose of the implant is to serve as a makeshift banking Trojan. Still, it also possesses the ability to access the infected device's sensors, run a hidden TeamViewer instance, and modify particular phone settings.
The modus operandi of AlienBot Malware is to prepare ready-to-use login screens that mimic the ones used by legitimate financial applications and websites. If it detects that the user is trying to access one of the supported payment services, it will load the fake overlay instead. The user is unlikely to notice anything strange, and they will unknowingly give out their username and password to the criminals.
Recently, AlienBot Malware's activity spiked because it was combined with a brand new Android malware called Clast82. The Clast82 serves as a first-stage payload, which then introduces additional threats like the AlienBot Malware or MRAT. What is unique about this attack campaign is that the criminals are hosting threatening applications on Google's Play Store. Apparently, they have found a way to bypass the security measures that Google employs to keep harmful software away from their platform.
The AlienBot Malware is linked to the following illegitimate Android applications - BeatPlayer, Cake VPN, eVPN, Music Player, Pacific VPN, QR/Barcode Scanner Max, QRecorder, tooltipnattorlibrary. If you recall interacting with any of these programs, you should run an up-to-date Android security tool to ensure that you do not have malware running on your Android device.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.