{"id":28242,"date":"2021-03-22T19:15:00","date_gmt":"2021-03-23T01:15:00","guid":{"rendered":"https:\/\/goldenti.com\/site\/?p=28242"},"modified":"2021-03-22T17:01:16","modified_gmt":"2021-03-22T23:01:16","slug":"detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google","status":"publish","type":"post","link":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/","title":{"rendered":"Dangerous malware detected in 10 Google Play Store apps"},"content":{"rendered":"\n<p>Researchers at Check Point Research, the Threat Intelligence division of Check Point Software Technologies, have discovered a new dropper (a malicious program designed to deliver other malware to the victim's device) that is spreading on the Google Play Store.<\/p>\n\n\n\n<p>Dubbed\u00a0<em>\u201cClast82\u201d<\/em>\u00a0by the researchers, the dropper runs second-stage malware that gives the cybercriminal intrusive access to victims' bank accounts, as well as full control of their phones. CPR found Clast82 inside 10 apps, covering functions such as screen recording and VPN.<\/p>\n\n\n\n<p>Clast82 delivers the malware-as-a-service AlienBotBanker, a second-stage malware that targets banking applications by bypassing their two-factor authentication. 
In addition, Clast82 includes a mobile remote access trojan (MRAT) capable of controlling the device with TeamViewer, giving the cybercriminal access as if the device were in their hands.<\/p>\n\n\n\n<p><strong><u>How does \u201cClast82\u201d work?<\/u><\/strong><\/p>\n\n\n\n<p>Check Point researchers have outlined the attack method used by Clast82:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>The victim downloads a malicious app from Google Play that contains the Clast82 dropper.<\/li><li>Clast82 communicates with the C&amp;C server to receive its configuration.<\/li><li>Clast82 downloads to the Android device a payload received via the configuration and installs it; in this case, AlienBotBanker.<\/li><li>The cybercriminals gain access to the victim's banking credentials and proceed to take full control of the device.<\/li><\/ol>\n\n\n\n<p><strong><u>Clast82 uses a series of techniques to avoid detection by Google Play Protect:<\/u><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Firebase (owned by Google) as the platform for C&amp;C communication:<\/strong>&nbsp;during Clast82's evaluation period on Google Play, the cybercriminals changed the command-and-control configuration using Firebase. 
In turn, the cybercriminal \u201cdisabled\u201d Clast82's malicious behavior during Google's evaluation period.<\/li><li><strong>GitHub as a third-party hosting platform for downloading the payload:<\/strong>&nbsp;for each application, the cybercriminal created a new user on the Google Play store, along with a repository on the cybercriminal's GitHub account, which allows different payloads to be distributed to the devices infected by each malicious application.<\/li><\/ul>\n\n\n\n<p><strong><u>The 10 apps involved<\/u><\/strong><\/p>\n\n\n\n<p>The cybercriminals used legitimate, well-known open-source Android applications:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Name<\/strong><\/td><td><strong>Package_name<\/strong><\/td><\/tr><tr><td><strong>Cake VPN<\/strong><\/td><td>com.lazycoder.cakevpns<\/td><\/tr><tr><td><strong>Pacific VPN<\/strong><\/td><td>com.protectvpn.freeapp<\/td><\/tr><tr><td><strong>eVPN<\/strong><\/td><td>com.abcd.evpnfree<\/td><\/tr><tr><td><strong>BeatPlayer<\/strong><\/td><td>com.crrl.beatplayers<\/td><\/tr><tr><td><strong>BeatPlayer<\/strong><\/td><td>com.crrl.beatplayers<\/td><\/tr><tr><td><strong>QR\/Barcode Scanner MAX<\/strong><\/td><td>com.bezrukd.qrcodebarcode<\/td><\/tr><tr><td><strong>eVPN<\/strong><\/td><td>com.abcd.evpnfree<\/td><\/tr><tr><td><strong>Music Player<\/strong><\/td><td>com.revosleap.samplemusicplayers<\/td><\/tr><tr><td><strong>tooltipnatorlibrary<\/strong><\/td><td>com.mistergrizzlys.docscanpro<\/td><\/tr><tr><td><strong>QRecorder<\/strong><\/td><td>com.record.callvoicerecorder<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Figure 1. 
Clast82 malware on Google Play<\/p>\n\n\n\n<p>Google was informed of the findings on January 28, 2021, and today, February 9, 2021, Google confirmed that all Clast82 applications have been removed from the Google Play Store.<\/p>\n\n\n\n<p>On the matter, Aviran Hazum, director of mobile threat research at Check Point, commented: \u201cThe cybercriminal behind Clast82 was able to bypass Google Play's protections using a creative methodology. With a simple manipulation of readily available third-party resources, such as a GitHub account or a FireBase account, he leveraged those resources to bypass the Google Play Store's protections. The victims thought they were downloading an innocuous app from the official Android market, but what they were really getting was a dangerous trojan that went straight for their bank accounts. The dropper's ability to go undetected demonstrates the importance of having a mobile security solution. 
It is not enough to scan the app during the evaluation period, since a cybercriminal can, and will, change the app's behavior using readily available third-party tools\u201d.<\/p>\n\n\n\n<p>Source: cio.com.mx<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers at Check Point Research, the Threat Intelligence division of Check Point Software Technologies, [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":28243,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-28242","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-noticas"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Detectan peligroso malware en 10 apps de la Play Store de Google -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Detectan peligroso malware en 10 apps de la Play Store de Google -\" \/>\n<meta property=\"og:description\" content=\"Investigadores de Check Point Research, la Divisi\u00f3n de Inteligencia de Amenazas de Check Point Software Technologies, [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-23T01:15:00+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"816\" \/>\n\t<meta property=\"og:image:height\" content=\"506\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Iris Esparza\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Iris Esparza\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/\"},\"author\":{\"name\":\"Iris Esparza\",\"@id\":\"https:\/\/goldenti.com\/site\/#\/schema\/person\/8190e0425b54b5461126268d75de9409\"},\"headline\":\"Detectan peligroso malware en 10 apps de la Play Store de Google\",\"datePublished\":\"2021-03-23T01:15:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/\"},\"wordCount\":662,\"image\":{\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg\",\"articleSection\":[\"Noticas\"],\"inLanguage\":\"es\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/\",\"url\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/\",\"name\":\"Detectan peligroso malware en 10 apps de la 
Play Store de Google -\",\"isPartOf\":{\"@id\":\"https:\/\/goldenti.com\/site\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg\",\"datePublished\":\"2021-03-23T01:15:00+00:00\",\"author\":{\"@id\":\"https:\/\/goldenti.com\/site\/#\/schema\/person\/8190e0425b54b5461126268d75de9409\"},\"breadcrumb\":{\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage\",\"url\":\"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg\",\"contentUrl\":\"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg\",\"width\":816,\"height\":506},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/goldenti.com\/site\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Detectan peligroso malware en 10 apps de la Play Store de 
Google\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/goldenti.com\/site\/#website\",\"url\":\"https:\/\/goldenti.com\/site\/\",\"name\":\"\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/goldenti.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/goldenti.com\/site\/#\/schema\/person\/8190e0425b54b5461126268d75de9409\",\"name\":\"Iris Esparza\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/goldenti.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ec9f40c0dfa9dc199516d80ef8aac218e84ffeb18d9f3b54b46c273173c12ceb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ec9f40c0dfa9dc199516d80ef8aac218e84ffeb18d9f3b54b46c273173c12ceb?s=96&d=mm&r=g\",\"caption\":\"Iris Esparza\"},\"url\":\"https:\/\/goldenti.com\/site\/author\/irisesparza\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Detectan peligroso malware en 10 apps de la Play Store de Google -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/","og_locale":"es_ES","og_type":"article","og_title":"Detectan peligroso malware en 10 apps de la Play Store de Google -","og_description":"Investigadores de Check Point Research, la Divisi\u00f3n de Inteligencia de Amenazas de Check Point Software Technologies, [&hellip;]","og_url":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/","article_published_time":"2021-03-23T01:15:00+00:00","og_image":[{"width":816,"height":506,"url":"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg","type":"image\/jpeg"}],"author":"Iris Esparza","twitter_card":"summary_large_image","twitter_misc":{"Escrito por":"Iris Esparza","Tiempo de lectura":"3 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#article","isPartOf":{"@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/"},"author":{"name":"Iris Esparza","@id":"https:\/\/goldenti.com\/site\/#\/schema\/person\/8190e0425b54b5461126268d75de9409"},"headline":"Detectan peligroso malware en 10 apps de la Play Store de 
Google","datePublished":"2021-03-23T01:15:00+00:00","mainEntityOfPage":{"@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/"},"wordCount":662,"image":{"@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage"},"thumbnailUrl":"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg","articleSection":["Noticas"],"inLanguage":"es"},{"@type":"WebPage","@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/","url":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/","name":"Detectan peligroso malware en 10 apps de la Play Store de Google -","isPartOf":{"@id":"https:\/\/goldenti.com\/site\/#website"},"primaryImageOfPage":{"@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage"},"image":{"@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage"},"thumbnailUrl":"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg","datePublished":"2021-03-23T01:15:00+00:00","author":{"@id":"https:\/\/goldenti.com\/site\/#\/schema\/person\/8190e0425b54b5461126268d75de9409"},"breadcrumb":{"@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/"]}]},{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#primaryimage","url":"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg","contentUrl":"https:\/\/goldenti.com\/site\/wp-content\/uploads\/2021\/03\/malw.jpg","width":816,"height":506},{"@type":"BreadcrumbList",
"@id":"https:\/\/goldenti.com\/site\/detectan-peligroso-malware-en-10-apps-de-la-play-store-de-google\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/goldenti.com\/site\/"},{"@type":"ListItem","position":2,"name":"Detectan peligroso malware en 10 apps de la Play Store de Google"}]},{"@type":"WebSite","@id":"https:\/\/goldenti.com\/site\/#website","url":"https:\/\/goldenti.com\/site\/","name":"","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/goldenti.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Person","@id":"https:\/\/goldenti.com\/site\/#\/schema\/person\/8190e0425b54b5461126268d75de9409","name":"Iris Esparza","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/goldenti.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ec9f40c0dfa9dc199516d80ef8aac218e84ffeb18d9f3b54b46c273173c12ceb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ec9f40c0dfa9dc199516d80ef8aac218e84ffeb18d9f3b54b46c273173c12ceb?s=96&d=mm&r=g","caption":"Iris 
Esparza"},"url":"https:\/\/goldenti.com\/site\/author\/irisesparza\/"}]}},"_links":{"self":[{"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/posts\/28242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/comments?post=28242"}],"version-history":[{"count":1,"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/posts\/28242\/revisions"}],"predecessor-version":[{"id":28244,"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/posts\/28242\/revisions\/28244"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/media\/28243"}],"wp:attachment":[{"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/media?parent=28242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/categories?post=28242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/goldenti.com\/site\/wp-json\/wp\/v2\/tags?post=28242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}