Clast82

Cybersecurity researchers are reporting a new threat that targets Android devices exclusively. The malware, dubbed Clast82, was discovered on the Google Play Store, mimicking the names and logos of legitimate Android applications. It appears that the criminals behind this campaign have managed to bypass Google Play Store's security mechanisms by crafting a threatening payload that goes under the radar of Google's security evaluation strategy.

The Clast82 Malware works as a downloader that introduces additional implants to the compromised device. So far, the criminals have relied on just two malware families – AlienBot and MRAT. Both of these threatening programs will work in the background without revealing their true intentions. Users whose devices have been infected by any of these three implants may not notice anything out of the ordinary while their sensitive data, contacts, and conversations are being spied on.

The Clast82 was found in multiple fake VPN applications, music players, QR code scanners, and other bogus software. To avoid interacting with potentially threatening applications on the Google Play Store, we advise you to stick to using applications that:

• Have accumulated many downloads.
• Have an overwhelmingly positive rating on the Google Play Store.
• Are rated as safe on other websites and platforms.

Keep in mind that criminals like the ones behind Clast82 often manipulate the statistics of their threatening application's Google Play Store page, leaving users under the impression that the software is widely used and legitimate. The names of some of the fake applications used to deliver the Clast82 Malware are BeatPlayer, Cake VPN, eVPN, Music Player, Pacific VPN, QR/Barcode Scanner Max, QRecorder, tooltipnattorlibrary. If you recall interacting with applications going by these names, you should use an up-to-date Android ant-virus tool to check for threatening software.