www.tomsguide.com
199.232.198.114  Public Scan

URL: https://www.tomsguide.com/news/malicious-android-apps-alienbot
Submission: On March 19 via manual from BR — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://www.tomsguide.com/search

<form class="search-box" action="https://www.tomsguide.com/search" method="GET" data-component-tracked="19">
  <input tabindex="0" type="search" name="searchTerm" placeholder="Search Tom's Guide" class="search-input">
  <button type="submit" class="search-submit">
    <span class="icon icon-search">
      <svg class="icon-svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 1000">
        <path d="M720 124a422 422 0 1 0-73 654l221 222 132-131-222-222a422 422 0 0 0-58-523zm-92 504a291 291 0 1 1-412-412 291 291 0 0 1 412 411z"></path>
      </svg> </span>
  </button>
</form>

GET https://www.tomsguide.com/email-signup

<form class="emailform" method="GET" action="https://www.tomsguide.com/email-signup" data-component-tracked="8">
  <div class="input__wrapper">
    <input type="text" class="name__input" name="NAME" value="">
    <input type="email" class="mail__input" name="MAIL" value="" placeholder="Your Email Address" required="">
  </div>
  <div class="emailform__checkbox-rows">
    <div class="emailform__checkbox-row" data-newsletter-consent-type="default-market" id="emailform__consent-news-and-offers">
      <label class="emailform__checkbox-row__label">
        <input type="checkbox" id="emailform__consent-news-and-offers-yes" class="emailform__checkbox-row__checkbox" value="1" name="CONTACT_OTHER_BRANDS"> Contact me with news and offers from other Future brands </label>
    </div>
    <div class="emailform__checkbox-row" data-newsletter-consent-type="default-market" id="emailform__consent-partners-and-sponsors">
      <label class="emailform__checkbox-row__label">
        <input type="checkbox" id="emailform__consent-partners-and-sponsors-yes" class="emailform__checkbox-row__checkbox" value="1" name="CONTACT_PARTNERS"> Receive email from us on behalf of our trusted partners or sponsors </label>
    </div>
  </div>
  <div class="submit__wrapper">
    <input class="submit__button" type="submit" value="Sign me up">
  </div>
  <input type="hidden" class="hidden__id" name="ID" id="ID" value="PbkPj5hSTiI7DaHxA%2BxhNEnb2DC0sRfetMa8wX06DbF4AUl5zRkYymPQ7Wzu1%2BA6Sh5nStr7zk%2Bl5%2Bh9b8" data-newsletter-consent-type="default">
  <input type="hidden" class="hidden__brand" name="BRAND" id="BRAND" value="TSG" data-newsletter-consent-type="default">
  <input type="hidden" class="hidden__lang" name="LANG" id="LANG" value="EN" data-newsletter-consent-type="default">
  <input type="hidden" class="hidden__source" name="SOURCE" id="SOURCE" value="2" data-newsletter-consent-type="default">
</form>

Text Content


THESE DANGEROUS ANDROID APPS CAN HIJACK YOUR PHONE — WHAT TO DO NOW

By Paul Wagenseil published March 09, 2021

Perilous packages turned Google's own technology against it



Google has booted eight malicious Android apps from the Play Store that were
designed to steal money from online financial accounts and take over
smartphones, according to a new report from Israeli security firm Check Point.



The apps, listed below, snuck into Google Play through the front door. They
didn't seem malicious when Google's malicious-app screening process evaluated
them, Check Point said, because the apps' creators made sure the apps
communicated only with Google's own Firebase cloud back-end servers, which are
often used by smartphone apps.




But once the apps were installed by users, Check Point said, they switched to
communicating with GitHub, a code-sharing platform owned by Microsoft upon which
anyone can post software and other items. 




Each app contained a hidden "dropper" designed to install more software, and
those droppers downloaded the AlienBot banking Trojan from individual GitHub
pages dedicated to each app. (Independent researchers at MalwareHunterTeam also
posted about this on Twitter in late January.)



Check Point described AlienBot as "second-stage malware that targets financial
applications by bypassing two-factor authentication codes for financial
services." 



In other words, AlienBot — once installed — steals your online banking password
and gets around the two-factor authentication (2FA) methods meant to protect
against the use of stolen passwords. 

Even worse, said Check Point, AlienBot often installs the Android version of
TeamViewer, a legitimate app that enables remote control of a smartphone (or a
computer) from afar.

With TeamViewer installed, the bogus apps' creator(s) could have logged into
victims' bank accounts at any time. 

"The hacker was able to leverage readily available resources to bypass Google
Play Store's protections," said Check Point researcher Aviran Hazum. "The
victims thought they were downloading an innocuous utility app from the official
Android market, but what they were really getting was a dangerous Trojan coming
straight for their financial accounts."

Check Point said it notified Google about these malicious apps on Jan. 28, and
Google confirmed on Feb. 9 that all had been removed from Google Play.


HOW TO REMOVE MALICIOUS APPS FROM YOUR PHONE

Many people may still have these apps installed on their devices. Here's a chart
showing the name of each app along with its unique Android application ID,
which is important because Android apps often share identical or very similar
names.

App name                  Application ID
BeatPlayer                com.crrl.beatplayers
Cake VPN                  com.lazycoder.cakevpns
eVPN                      com.abcd.evpnfree
Music Player              com.revosleap.samplemusicplayers
Pacific VPN               com.protectvpn.freeapp
QR/Barcode Scanner MAX    com.bezrukd.qrcodebarcode
QRecorder                 com.record.callvoicerecorder
tooltipnatorlibrary       com.mistergrizzlys.docscanpro

To make sure you don't have any of these apps installed, scroll through your
apps and see if anything has a name similar to one of those above. 

If so, then go to Settings > Apps & notifications. You may have to tap an extra
button to see all your apps at once.

Scroll down to the suspicious app and tap it. On the app's screen, tap Advanced,
then tap App Details.

You should be taken straight to the app's page in the Google Play app, which is
really just a specialized web browser. Tap the three stacked dots in the upper
right of the Google Play app page, then tap Share. 

A flyout window should appear at the bottom of the screen displaying the web
address, or URL, for the app's Google Play store page. 

The last part of that URL, after the equal sign, is the app's application ID.

For example, when you look up the Facebook Android app in Google Play, the URL
is "https://play.google.com/store/apps/details?id=com.facebook.katana". The
application ID for the Facebook app is "com.facebook.katana".

If one of your apps has an application ID that matches one of the application
IDs in the chart above, then you'll have to remove it.

Tap the back button to get out of the flyout window on the app's Google Play
page. Then tap Uninstall to get rid of the app.


Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and
privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey
and video editor. He's been rooting around in the information-security space for
more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's
Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker
conferences, shown up in random TV news spots and even moderated a panel
discussion at the CEDIA home-technology conference. You can follow his rants on
Twitter at @snd_wagenseil.



